Vulnerabilities > Crushftp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-22 | CVE-2024-4040 | Code Injection vulnerability in Crushftp A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 10.0 |
| 2023-11-18 | CVE-2023-43177 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crushftp CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. | 9.8 |
| 2017-08-30 | CVE-2017-14035 | Deserialization of Untrusted Data vulnerability in Crushftp CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | 9.8 |