Описание
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pentest_collaboration_framework_project:pentest_collaboration_framework:1.0.8:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02246
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.
EPSS
Процентиль: 84%
0.02246
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94