writeups.xyz / CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/deletion Vulnerability

Submitter : c2a

Date: 6 March 2024

Bounty : undisclosed

Vulnerabilities :

• CRLF Injection
• FTP

Programs :

• Microsoft (.NET Framework, Visual Studio)

Authors :

• Justin Hung
• Yazhi Wang
• Piotr Bazydło (@Chudypb)

Link :
https://www.zerodayinitiative.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability