Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2023-30179
HistoryJun 13, 2023 - 12:00 a.m.

CVE-2023-30179

2023-06-1300:00:00
mitre
www.cve.org
craftcms
ssti
rce
user settings
twig template
administrators
remote code execution

0.004 Low

EPSS

Percentile

73.6%

JSON

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.

Related

veracode 1
cve 1
prion 1
osv 1
github 1
nvd 1
veracode
veracode
Server-Side Template Injection
2023-06-23 16:03:45
cve
cve
CVE-2023-30179
2023-06-13 17:15:14
prion
prion
Design/Logic Flaw
2023-06-13 17:15:00
osv
osv
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
2023-06-13 18:30:39
github
github
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
2023-06-13 18:30:39
nvd
nvd
CVE-2023-30179
2023-06-13 17:15:14

0.004 Low

EPSS

Percentile

73.6%

JSON
Related for CVELIST:CVE-2023-30179
veracode1cve1prion1osv1github1nvd1