Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
https://www.rapid7.com/blog/post/2024/02/09/metasploit-weekly-wrap-up-02-09-2024/
https://www.cybersecuritydive.com/news/goanywhere-unpatched-critical-CVE/705759/?&web_view=true
https://www.theregister.com/2024/01/24/public_exploit_published_within_hours/
https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html?&web_view=true
https://www.tenable.com/blog/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-vulnerability
https://www.tenable.com/blog/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-vulnerability
https://securityaffairs.com/157993/hacking/fortra-goanywhere-mft-critical-flaw.html
https://www.fortra.com/security/advisory/fi-2024-001
https://www.fortra.com/security/advisory/fi-2024-001
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html