CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
References
Link | Resource |
---|---|
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ | Exploit Third Party Advisory |
https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md | Third Party Advisory |
Configurations
History
29 Nov 2023, 20:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md - Third Party Advisory | |
References | () https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* | |
CWE | CWE-913 | |
First Time |
Crushftp
Crushftp crushftp |
18 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-18 00:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-43177
Mitre link : CVE-2023-43177
CVE.ORG link : CVE-2023-43177
JSON object : View
Products Affected
crushftp
- crushftp
CWE
CWE-913
Improper Control of Dynamically-Managed Code Resources