CVE-2023-29689

Published: 04/08/2023 Updated: 09/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious user to send customized commands to the server and execute arbitrary code on the affected system.

Vulnerable Product

pyrocms pyrocms 3.9

Exploits

Pyro CMS version 3.9 suffers from a server-side template injection vulnerability ...

Github Repositories

PyroCMS Exploit Framework

ArsonAssistant: PyroCMS Exploit Framework

WIP. Thank you for your patience.

CVE-2023-29689: (Authenticated) SSTI to RCE in PyroCMS v3.9
CVE-2020-25262: CSRF leading to page deletion
CVE-2020-25263: CSRF for plugin erasure
(Low-Priv Authenticated) Stored XSS in PyroCMS 211