Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-55069
HistoryMar 30, 2022 - 12:00 a.m.

fenom code injection vulnerability

2022-03-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
23
fenom
php
code injection
vulnerability
sandbox bypass
disable_native_funcs

EPSS

0.002

Percentile

53.3%

JSON

fenom is a lightweight and fast PHP template engine. fenom 2.12.1 and earlier versions are vulnerable to code injection, which stems from a failure to properly filter the construct command special characters, commands, etc. in the getTemplateCode() function of fenom/src/Fenom/Template.php, which can be exploited by attackers to vulnerability can be exploited to bypass the sandbox and execute arbitrary PHP code when disable_native_funcs is true.

Related

github 1
osv 2
prion 1
cvelist 1
nvd 1
cve 1
github
github
Sandbox bypass in fenom
2022-03-29 00:01:15
osv
osv
CVE-2021-46433
2022-03-28 11:15:07
Sandbox bypass in fenom
2022-03-29 00:01:15
prion
prion
Spoofing
2022-03-28 11:15:00
cvelist
cvelist
CVE-2021-46433
2022-03-28 10:51:16
nvd
nvd
CVE-2021-46433
2022-03-28 11:15:07
cve
cve
CVE-2021-46433
2022-03-28 11:15:07

EPSS

0.002

Percentile

53.3%

JSON
Related for CNVD-2022-55069
github1osv2prion1cvelist1nvd1cve1