exploitDog

CVE-2024-32407

Опубликовано: 22 апр. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.

Ссылки

https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection
Permissions Required
https://cxsecurity.com/issue/WLB-2024040049
Exploit
Third Party Advisory
https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection
Permissions Required
https://cxsecurity.com/issue/WLB-2024040049
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inducer:relate:*:*:*:*:*:*:*:*

Версия до 2024.1 (исключая)

EPSS

Процентиль: 82%

0.01672

Низкий

8.8 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-66c8-9r5r-35hf

CVSS3: 8.8

github

почти 2 года назад

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.

EPSS

Процентиль: 82%

0.01672

Низкий

8.8 High

CVSS3

Дефекты

CWE-918