Vulmon
ssti vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote malicious user to execute arbitrary code through /project/PROJECTNAME/reports/.
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
NA
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
NA
CVE-2024-32651
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command with...
1 Github repository
NA
CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote malicious users to execute arbitrary code via a crafted payload to the Markup Sandbox feature.
NA
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows malicious users to run arbitrary commands via the Group Name field under the add forms section of the application.
NA
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat prior to 4.34v, allows remote malicious users to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
9.8
CVSSv3
CVE-2023-30145
Camaleon CMS v2.7.0 contains a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Tuzitio Camaleon Cms
NA
CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
8.8
CVSSv3
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
9.8
CVSSv3
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows malicious users to execute arbitrary code via a crafted payload entered into the fullname parameter.
Magnolia-cms Magnolia Cms
1 Github repository