A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. […]
from https://www.bleepingcomputer.com/news/security/exploit-for-crushftp-rce-chain-released-patch-now/