Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
NA
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
NA
CVE-2023-36210
MotoCMS Version 3.4.3 Store Category Template exists to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
Motocms Motocms 3.4.3
NA
CVE-2021-31635
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote malicious user to execute arbitrary code via the template function.
Jfinal Jfinal 4.9.08
NA
CVE-2022-34625
Mealie1.0.0beta3 exists to contain a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
NA
CVE-2022-48684
An issue exists in Logpoint prior to 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage thi...
312
VMScore
CVE-2022-22112
In DayByDay CRM, versions 1.1 up to and including 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client brow...
Daybydaycrm Daybyday
NA
CVE-2023-6436
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: up to and including 20231215.
Ekolbilisim Web Sablonu Yazilimi
801
VMScore
CVE-2021-35450
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
Entando Admin Console
NA
CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be ...
Xiandafu Beetl 3.15.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »