CrushFTP SSTI (CVE-2024-4040) - Vulnerability Database


Description

A critical server-side template injection (SSTI) vulnerability in CrushFTP enables unauthenticated attackers to read sensitive files outside the VFS Sandbox, bypass authentication to gain administrative access, and execute arbitrary code on the server.

Remediation

Upgrade to the latest version of CrushFTP.
