Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-4110
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote malicious users to execute arbitrary SQL commands via the Password parameter.
Codewidgets Threaded Discussion Forum Application
1 EDB exploit
NA
CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote malicious users to execute arbitrary SQL commands via the template parameter.
Quirm Saxon 5.4
1 EDB exploit
7.8
CVSSv3
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
NA
CVE-2007-3214
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the template parameter.
E-vision E-vision Cms
1 EDB exploit
NA
CVE-2021-1484
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied i...
6.1
CVSSv3
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` f...
Palletsprojects Jinja
1 Github repository
9.8
CVSSv3
CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation
Vmware Vrealize Automation 7.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Vrealize Suite Lifecycle Manager
Vmware Cloud Foundation
1 Metasploit module
25 Github repositories
3 Articles
NA
CVE-2008-7090
Multiple directory traversal vulnerabilities in Pligg 9.9 and previous versions allow remote malicious users to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the tem...
Pligg Pligg Cms
Pligg Pligg Cms 9.5
1 EDB exploit
7.1
CVSSv3
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
9.1
CVSSv3
CVE-2021-46063
MCMS v5.2.5 exists to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Mingsoft Mcms 5.2.5
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »