exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2023-30179

больше 2 лет назад

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.

CVSS3: 7.2

EPSS: Низкий

GHSA-3x74-v64j-qc3f

больше 2 лет назад

Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability

CVSS3: 7.2

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2023-30179 CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.	CVSS3: 7.2	4% Низкий	больше 2 лет назад
	GHSA-3x74-v64j-qc3f Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability	CVSS3: 7.2	4% Низкий	больше 2 лет назад

Уязвимостей на страницу