
CVE-2020-7799

Published: 28/01/2020 Updated: 21/07/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An issue exists in FusionAuth prior to 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.

Vulnerable Product

fusionauth fusionauth

Exploits

FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker Expression lang ...

Github Repositories

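cve-2020-7799: Batch detection of CVE-2020-7799. Add a text.txt file in the same directory, with the URLs inside the file in the following format: www.baidu.com 132231132132 1331212213:8080. Then run python3 cve-2020-7799.py. Note: using any of this project's resources for illegal testing is prohibited!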

Batch detection of CVE-2020-7799
