Lucene search
MitreCVELIST:CVE-2020-28246HistoryMay 31, 2022 - 12:00 a.m.
CVE-2020-28246
2022-05-3100:00:00
mitre
www.cve.org
3
server-side template injection
form.io 2.0.0
remote code execution
email template
vendor dispute
admins.
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
Related
osv
osv
Server-Side Template Injection in formio
2022-06-03 00:00:58
CVE-2020-28246
2022-06-02 14:15:26
cve
cve
CVE-2020-28246
2022-06-02 14:15:26
prion
prion
Remote code execution
2022-06-02 14:15:00
veracode
veracode
Remote Code Execution
2022-06-03 11:00:22
github
github
Server-Side Template Injection in formio
2022-06-03 00:00:58
vulnrichment
vulnrichment
CVE-2020-28246
2022-05-31 00:00:00
nvd
nvd
CVE-2020-28246
2022-06-02 14:15:26