ssti vulnerabilities and exploits
CVE-2020-28468 | CVSSv3 9.8
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution....
Affected: Pwntools Project Pwntools
CVE-2023-26546 | score 8.8
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission....
Affected: Echa.europa Iuclid
CVE-2018-14716 | CVSSv3 7.5
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code....
Affected: Nystudio107 Seomatic
1 GitHub repository available
CVE-2021-26622 | CVSSv3 10
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this...
Affected: Genians Genian Nac
CVE-2018-13818 | CVSSv3 9.8
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...
Affected: Symfony Twig
CVE-2022-25813 | score 7.5
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in...
Affected: Apache Ofbiz
CVE-2023-22621 | score 7.2
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email...
Affected: Strapi Strapi
5 GitHub repositories available
CVE-2023-46816 | score 8.8
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing...
Affected: Sugarcrm Sugarcrm 13.0.0; Sugarcrm Sugarcrm 13.0.1; Sugarcrm Sugarcrm
CVE-2023-38286 | score 7.5
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier...
Affected: Thymeleaf Thymeleaf; Codecentric Spring Boot Admin
2 GitHub repositories available
CVE-2023-30179 | score 7.2
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. NOTE: the vendor disputes this...
Affected: Craftcms Craft Cms 3.7.59