An issue exists in Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squiz matrix 5.4.1.2 |
||
squiz matrix 5.4.1.1 |
||
squiz matrix 5.4.1.0 |
||
squiz matrix 5.4.0.3 |
||
squiz matrix 5.4.0.2 |
||
squiz matrix 5.4.0.1 |
||
squiz matrix 5.4.0.0 |
||
squiz matrix |