tags: #.netcommand_injection
original link: CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability
newsletter link:
Exploits Club Summary:
ZDI's new blog post walks through an RCE vuln in Microsoft's .NET Framework and Visual Studio. The command injection vulnerability stems from "insufficient validation of FTP command parameters". In particular, the framework implements an abstraction for interacting with FTP control connections, but fails to validate whether user-supplied parameters contain CRLF characters.
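
The missing check described above, as an added C# example that is not code from the ZDI post or from .NET itself: it contrasts a control-line builder that concatenates the parameter as-is with one that rejects control characters, and shows how a server splits each result into commands. The class and method names and the sample file names are hypothetical.

```csharp
using System;
using System.Linq;

static class FtpCommandDemo
{
    // Unvalidated pattern: the parameter is concatenated into the control line as-is.
    static string BuildUnchecked(string verb, string parameter) =>
        verb + " " + parameter + "\r\n";

    // Validated pattern: refuse any parameter carrying CR, LF or another control character.
    static string BuildChecked(string verb, string parameter)
    {
        if (parameter == null) throw new ArgumentNullException(nameof(parameter));
        if (parameter.Any(char.IsControl))
            throw new FormatException("FTP parameter contains a control character");
        return verb + " " + parameter + "\r\n";
    }

    // What the server side sees: one command per CRLF-terminated line on the control connection.
    static string[] ServerView(string wire) =>
        wire.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries);

    static void Main()
    {
        // Constructed inputs: a plain file name and one with an embedded CRLF.
        string[] samples = { "report.txt", "report.txt\r\nNOOP" };
        foreach (var name in samples)
        {
            var lines = ServerView(BuildUnchecked("RETR", name));
            Console.WriteLine($"unchecked: {lines.Length} command(s): {string.Join(" | ", lines)}");
            try
            {
                BuildChecked("RETR", name);
                Console.WriteLine("checked:   accepted");
            }
            catch (FormatException e)
            {
                Console.WriteLine($"checked:   rejected ({e.Message})");
            }
        }
    }
}
```

When the parameter arrives inside a URI, apply the check to the decoded value, since `%0D%0A` only becomes CRLF after unescaping.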