CVE-2021-46362

Опубликовано: 11 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

Ссылки

https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
Release Notes
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46362-Unauthenticated%20SSTI-Magnolia%20CMS
Exploit
Third Party Advisory
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
Release Notes
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46362-Unauthenticated%20SSTI-Magnolia%20CMS
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magnolia-cms:magnolia_cms:*:*:*:*:*:*:*:*

Версия до 6.2.4 (исключая)

EPSS

Процентиль: 86%

0.02924

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-pm6q-mcg4-jmhv