Vulmon
ssti vulnerabilities and exploits
578
VMScore
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote malicious user to execute arbitrary code through /project/PROJECTNAME/reports/.
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
NA
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
NA
CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote malicious users to execute arbitrary code via a crafted payload to the Markup Sandbox feature.
NA
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows malicious users to run arbitrary commands via the Group Name field under the add forms section of the application.
NA
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat prior to 4.34v allows remote malicious users to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
NA
CVE-2023-30145
Camaleon CMS v2.7.0 contains a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Tuzitio Camaleon Cms
NA
CVE-2024-4040
CVE-2024-4040 exploit for CVE-2024-4040
2 Github repositories
NA
CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
NA
CVE-2023-26546
European Chemicals Agency IUCLID prior to 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission.
Echa.europa Iuclid
668
VMScore
CVE-2020-28246
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020.
Form Form.io 2.0.0