exploitDog

CVE-2024-27623

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

Ссылки

https://github.com/capture0x/CMSMadeSimple2
Exploit
Third Party Advisory
https://github.com/capture0x/CMSMadeSimple2
Exploit
Third Party Advisory
https://www.vicarius.io/vsociety/posts/pwning-cmsms-via-user-defined-tags-for-fun-and-learning-cve-2024-27622-27623
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.19:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-1336

Связанные уязвимости

GHSA-82w3-g3q9-mxc3

CVSS3: 5.9

github

почти 2 года назад

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-1336