Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
template injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php....
9.8
CVSSv3
CVE-2019-8341
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION...
1 EDB exploit available
7.5
CVSSv3
CVE-2020-11994
Server-Side Template Injection and arbitrary file disclosure on Camel templating components...
NA
CVE-2012-5777
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template....
9.8
CVSSv3
CVE-2017-16783
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter....
9.8
CVSSv3
CVE-2020-1959
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom...
9.1
CVSSv3
CVE-2018-11061
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA...
8.8
CVSSv3
CVE-2018-19907
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library...
7.5
CVSSv3
CVE-2020-12790
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon....
4.8
CVSSv3
CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS....
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3996
CVE-2020-16898
CVE-2020-9920
HTML injection
cache poisoning
memory leak
CVE-2020-9908
CVE-2020-9863
CVE-2020-16938
1
2
3
4
5
NEXT »
Vulmon