Vulmon
ssti vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote malicious user to execute arbitrary code through /project/PROJECTNAME/reports/.
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
NA
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
NA
CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote malicious users to execute arbitrary code via a crafted payload to the Markup Sandbox feature.
NA
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows malicious users to run arbitrary commands via the Group Name field under the add forms section of the application.
NA
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat prior to 4.34v allows remote malicious users to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
9.8
CVSSv3
CVE-2023-30145
Camaleon CMS v2.7.0 contains a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Tuzitio Camaleon Cms
NA
CVE-2024-4040
CVE-2024-4040 exploit for CVE-2024-4040
2 Github repositories
NA
CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
8.8
CVSSv3
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
9.8
CVSSv3
CVE-2020-28246
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020.
Form Form.io 2.0.0