Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2007-4108
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote malicious users to execute arbitrary SQL commands via the Password parameter.
Codewidgets Online Event Registration Template
668
VMScore
CVE-2007-5704
Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote malicious users to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.
Codewidgets Online Event Registration Template
605
VMScore
CVE-2021-37694
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions before 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations...
Asyncapi Java-spring-cloud-stream-template
1000
VMScore
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 prior to 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 prior to 6...
Atlassian Confluence
Atlassian Confluence Server
1 EDB exploit
18 Github repositories
1 Article
NA
CVE-2024-24724
Gibbon up to and including 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.
660
VMScore
CVE-2015-5603
The HipChat for JIRA plugin prior to 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
Atlassian Hipchat
2 EDB exploits
NA
CVE-2023-30145
Camaleon CMS v2.7.0 exists to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Tuzitio Camaleon Cms
NA
CVE-2023-29689
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious malicious user to send customized commands to the server and execute arbitrary code on the affected s...
Pyrocms Pyrocms 3.9
1 Github repository
578
VMScore
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privile...
Getgrav Grav
1 Github repository
668
VMScore
CVE-2020-8644
PlaySMS prior to 1.4.3 does not sanitize inputs from a malicious string.
Playsms Playsms
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »