Описание
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.
EPSS
Процентиль: 81%
0.0159
Низкий
7.5 High
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.
EPSS
Процентиль: 81%
0.0159
Низкий
7.5 High
CVSS3
Дефекты
CWE-94