Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ssti vulnerabilities and exploits

(subscribe to this query)

9.8
CVSSv3
CVE-2019-14965
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists....
Frappe Frappe
7.2
CVSSv3
CVE-2021-43097
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code....
Diyhi Bbs 5.3
9.8
CVSSv3
CVE-2021-44978
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution....
Idreamsoft Icms
9.8
CVE-2021-31635
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function....
Jfinal Jfinal 4.9.08
9.8
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload....
Beetl Project Beetl 3.15
7.2
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI....
Craftercms Crafter Cms
9.8
CVSSv3
CVE-2020-28246
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL....
Form Form.io 2.0.0
8.8
CVSSv3
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/....
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
9.8
CVSSv3
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter....
Magnolia-cms Magnolia Cms
9.8
CVE-2023-29689
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system....
Pyrocms Pyrocms 3.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XSSCVE-2023-48314CVE-2023-6376CVE-2023-46384arbitrary codeCVE-2023-42917CVE-2023-48842CVE-2023-42916firewall
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook