Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
8.8
CVSSv3
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
9.8
CVSSv3
CVE-2023-36210
MotoCMS Version 3.4.3 Store Category Template exists to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
Motocms Motocms 3.4.3
9.8
CVSSv3
CVE-2021-31635
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote malicious user to execute arbitrary code via the template function.
Jfinal Jfinal 4.9.08
7.2
CVSSv3
CVE-2022-34625
Mealie1.0.0beta3 exists to contain a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
NA
CVE-2022-48684
An issue exists in Logpoint prior to 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage thi...
5.4
CVSSv3
CVE-2022-22112
In DayByDay CRM, versions 1.1 up to and including 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client brow...
Daybydaycrm Daybyday
9.8
CVSSv3
CVE-2023-6436
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: up to and including 20231215.
Ekolbilisim Web Sablonu Yazilimi
7.2
CVSSv3
CVE-2021-35450
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
Entando Admin Console
9.8
CVSSv3
CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be ...
Xiandafu Beetl 3.15.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »