CVE-2024-4040 - CrushFTP Server-Side Template Injection Vulnerability Analysis
This blog post contains a thorough analysis of a Server-Side Template Injection vulnerability in CrushFTP, a commercial Managed File Transfer product. An exploit script is available. The post covers the vulnerability, its exploitation, and the underlying custom templating engine that led to the issue, with code and analysis.