On 10 August 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked as CVE-2023-43177 and the security researchers at Converge published a blog sharing their findings on 16 November. CVE-2023-43177 is a mass assignment vulnerability related to how CrushFTP parses request headers … CVE-2023-43177: Critical Unauthenticated RCE Vulnerability in CrushFTP
Article Link: CVE-2023-43177: Critical Unauthenticated RCE Vulnerability in CrushFTP |Arctic Wolf