exploitDog

CVE-2023-30145

Опубликовано: 26 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.

Ссылки

http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
Exploit
Technical Description
Third Party Advisory
https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
Exploit
Third Party Advisory
https://github.com/paragbagul111/CVE-2023-30145
Exploit
Third Party Advisory
https://portswigger.net/research/server-side-template-injection
Technical Description
http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
Exploit
Technical Description
Third Party Advisory
https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
Exploit
Third Party Advisory
https://github.com/paragbagul111/CVE-2023-30145
Exploit
Third Party Advisory
https://portswigger.net/research/server-side-template-injection
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*

Версия до 2.7.0 (включая)

EPSS

Процентиль: 98%

0.58834

Средний

9.8 Critical

CVSS3

Дефекты

CWE-94

CWE-94

Связанные уязвимости

GHSA-x487-866m-p8hr

CVSS3: 9.8

github

больше 2 лет назад

Server-Side Template Injection in Camaleon CMS

EPSS

Процентиль: 98%

0.58834

Средний

9.8 Critical

CVSS3

Дефекты

CWE-94

CWE-94