Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-4040
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unauthenticated arbitrary file read and remote code execution in CrushFTP
Source: NVD (National Vulnerability Database)
Vulnerability Description
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1336
Source: NVD (National Vulnerability Database)
Vulnerability Title
CrushFTP 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CrushFTP是一款文件传输服务器。 CrushFTP 10.7.1 和 11.1.0 之前版本存在安全漏洞,该漏洞源于允许低权限的远程攻击者从 VFS 沙箱之外的文件系统读取文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CrushFTPCrushFTP 10.0 ~ 10.7.1 -
II. Public POCs for CVE-2024-4040
#POC DescriptionSource LinkShenlong Link
1Scanner for CVE-2024-4040https://github.com/airbus-cert/CVE-2024-4040POC Details
2CVE-2024-4040 (CrushFTP VFS escape) or (CrushFTP unauthenticated RCE)https://github.com/tr4c3rs/CVE-2024-4040-RCE-POCPOC Details
3Scanner of vulnerability on crushftp instancehttps://github.com/tucommenceapousser/CVE-2024-4040-ScannerPOC Details
4Nonehttps://github.com/rbih-boulanouar/CVE-2024-4040POC Details
5A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.https://github.com/Mufti22/CVE-2024-4040POC Details
6CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Supporthttps://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoCPOC Details
7Exploit for CVE-2024-4040 affecting CrushFTP server in all versions before 10.7.1 and 11.1.0 on all platformshttps://github.com/Praison001/CVE-2024-4040-CrushFTP-serverPOC Details
8Exploit CrushFTP CVE-2024-4040https://github.com/Mohammaddvd/CVE-2024-4040POC Details
9Nonehttps://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerabilityPOC Details
10A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.https://github.com/gotr00t0day/CVE-2024-4040POC Details
11A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. https://github.com/1ncendium/CVE-2024-4040POC Details
12CVE-2024-4040 PoChttps://github.com/olebris/CVE-2024-4040POC Details
13CVE-2024-4040 PoChttps://github.com/entroychang/CVE-2024-4040POC Details
14Nonehttps://github.com/safeer-accuknox/CrushFTP-cve-2024-4040-pocPOC Details
15is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTPhttps://github.com/geniuszlyy/GenCrushSSTIExploitPOC Details
16Nonehttps://github.com/rahisec/CVE-2024-4040POC Details
17exploit for CVE-2024-4040https://github.com/0xN7y/CVE-2024-4040POC Details
18is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTPhttps://github.com/geniuszly/GenCrushSSTIExploitPOC Details
19VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4040.yamlPOC Details
20Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie and AWS-style header spoofing. Stealthy Python PoC with secure token generation, SSL bypass, and improved output.https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeedPOC Details
21A Dockerized setup for running a vulnerable CrushFTP 10 server instance (CVE-2024-4040).https://github.com/juanorts/CrushFTP10-Docker-CVE-2024-4040POC Details
22Exploit CrushFTP CVE-2024-4040https://github.com/dhammerg/CVE-2024-4040POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-4040
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: CrushFTP
Same vendor: CrushFTP
Same weakness: CWE-1336
V. Comments for CVE-2024-4040

No comments yet

Leave a comment