Количество 2
Количество 2
CVE-2025-62416
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions that are evaluated by the backend — potentially leading to Remote Code Execution (RCE) on the server. This vulnerability is fixed in 2.3.8.
GHSA-527q-4wqv-g9wj
bagisto has Server Side Template Injection (SSTI) in Product Description
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions that are evaluated by the backend — potentially leading to Remote Code Execution (RCE) on the server. This vulnerability is fixed in 2.3.8. | CVSS3: 5.1 | 0% Низкий | 4 месяца назад |
| GHSA-527q-4wqv-g9wj bagisto has Server Side Template Injection (SSTI) in Product Description | CVSS3: 5.1 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу