Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssti vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
8.8
CVSSv3
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote malicious user to execute arbitrary code through /project/PROJECTNAME/reports/.
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
NA
CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote malicious users to execute arbitrary code via a crafted payload to the Markup Sandbox feature.
NA
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows malicious users to run arbitrary commands via the Group Name field under the add forms section of the application.
9.8
CVSSv3
CVE-2023-30145
Camaleon CMS v2.7.0 exists to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Tuzitio Camaleon Cms
NA
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat prior to 4.34v, allows remote malicious users to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
NA
CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
8.8
CVSSv3
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
9.8
CVSSv3
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows malicious users to execute arbitrary code via a crafted payload entered into the fullname parameter.
Magnolia-cms Magnolia Cms
1 Github repository
7.5
CVSSv3
CVE-2018-14716
A Server Side Template Injection (SSTI) exists in the SEOmatic plugin prior to 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Nystudio107 Seomatic
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »