Over 1,400 CrushFTP Servers Vulnerable To Actively Exploited Bug
Last Friday, CrushFTP disclosed details of a critical-severity server-side template injection vulnerability in its file transfer software that is being actively exploited in the wild. Tracked as CVE-2024-4040, the flaw could enable attackers to escape the virtual file system and read any file on the server's file system, gain administrative privileges, and perform remote code execution, effectively compromising unpatched systems.