Published: 02 Jan 2026
Source: github
Github: reviewed
CVSS4: 7.4
CVSS3: 8.8
Description
Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users
Summary
SSTI is possible via first name and last name parameters provided by lowest-privileged users.
Details
- Go to http://127.0.0.1:8000/ and log in or sign up
- Go to http://127.0.0.1:8000/customer/account/profile
- Edit the first name and last name to {{7*7}}
- Notice that the value is rendered as 49
POC
- Video attached with the report: https://github.com/user-attachments/assets/f93932b5-2a57-4f34-897e-4151a5168912
Impact
Because the injected expression is evaluated on the server, this can lead to RCE or command injection.
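To make the root cause and the fix concrete, here is an added illustration in Laravel/Blade terms. It is not Bagisto's own code and does not claim to show the exact code path in the project; the function names, the Customer field names and the surrounding request handling are assumptions. It contrasts the pattern that makes a name field act as template source with the pattern that treats it as data, and adds a validation rule that rejects and logs template syntax as a defence-in-depth control.

```php
<?php
// Added illustration, not Bagisto's code. Assumes Laravel 9+ (Blade::render,
// closure-based validation rules) and profile fields named first_name/last_name.

use Closure;
use Illuminate\Support\Facades\Blade;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Validator;

// VULNERABLE pattern (hypothetical): user-controlled text is concatenated into the
// template *source*. Blade compiles the string, so a name of "{{7*7}}" is
// evaluated as PHP and rendered as 49, exactly the symptom in the report above.
function renderGreetingUnsafe(string $firstName): string
{
    return Blade::render('<p>Hello, ' . $firstName . '</p>');
}

// SAFE pattern: the template source is a constant and the user text is passed as
// *data*. Blade HTML-escapes "{{ $name }}" and never compiles the value, so the
// literal text "{{7*7}}" is displayed and nothing is evaluated.
function renderGreetingSafe(string $firstName): string
{
    return Blade::render('<p>Hello, {{ $name }}</p>', ['name' => $firstName]);
}

// Defence in depth: a validation rule for name fields that rejects Blade/PHP
// template syntax outright and logs the attempt so it is visible to monitoring.
// Names legitimately never contain these sequences, so the rule has no usability cost.
function templateSyntaxRule(): Closure
{
    return function (string $attribute, mixed $value, Closure $fail): void {
        // Matches Blade echo/raw-echo delimiters, Blade PHP directives and PHP open tags.
        $pattern = '/\{\{|\}\}|\{!!|!!\}|@php|<\?/i';
        if (preg_match($pattern, (string) $value)) {
            Log::warning('Template syntax rejected in profile field', [
                'field'   => $attribute,
                'user_id' => auth()->id(),
            ]);
            $fail("The {$attribute} field may not contain template syntax.");
        }
    };
}

// Validate a profile-update payload; throws ValidationException on failure and
// returns only the validated fields on success.
function validateProfileNames(array $input): array
{
    return Validator::make($input, [
        'first_name' => ['required', 'string', 'max:50', templateSyntaxRule()],
        'last_name'  => ['required', 'string', 'max:50', templateSyntaxRule()],
    ])->validate();
}
```

The decisive change is the second function: once user input is only ever supplied as a Blade variable, the template engine cannot be reached through it, and output encoding is handled by Blade's default escaping. The validation rule is a secondary control; it should not be relied on alone, but it turns probing of these fields into a logged, rejected request rather than a silent success.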
Packages
Name: bagisto/bagisto (composer)
Affected versions: < 2.3.10
Fixed version: 2.3.10
Related vulnerabilities
CVSS3: 8.8
nvd
about 1 month ago
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via the first name and last name fields submitted by a low-privilege user. Version 2.3.10 fixes the issue.