exploitDog

CVE-2023-29689

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

Ссылки

http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html
https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html
https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pyrocms:pyrocms:3.9:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.4933

Средний

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-w7vm-4v3j-vgpw

CVSS3: 9.8

github

больше 2 лет назад

PyroCMS remote code execution vulnerability

EPSS

Процентиль: 98%

0.4933

Средний

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other