GobyVuls/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md

CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)

| Vulnerability | CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) |
| :---- | :---- |
| Chinese name | CrushFTP as2-to 认证权限绕过漏洞CVE-2023-43177 |
| CVSS score | 9.8 |
| FOFA Query (click to view the results directly) | app="crushftp-WebInterface" |
| Number of assets affected | 38695 |
| Description | CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users. CrushFTP has a permission bypass vulnerability: attackers can bypass the system's permission controls by constructing a malicious as2-to request for authentication, allowing arbitrary malicious operations such as reading and deleting files. |
| Impact | CrushFTP has a permission bypass vulnerability: attackers can bypass the system's permission controls by constructing a malicious as2-to request for authentication, allowing arbitrary malicious operations such as reading and deleting files. |