Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrCupc4k371FE4B3B-20AC-448C-8191-7B99D7FFAF55
HistoryFeb 09, 2023 - 11:29 p.m.

RCE by Server Side Template Injection

2023-02-0923:29:31
cupc4k3
www.huntr.dev
11
rce
server side injection
significant
immediate action

0.002 Low

EPSS

Percentile

51.5%

JSON

Description

Hi, During my testing, I discovered that it is possible to inject code into the system through the “first name” field.

This vulnerability allows for server-side template injection, which can lead to arbitrary code execution. The impact of this vulnerability is potentially significant and should be addressed as soon as possible.

I ran the {{system(‘id’)}} proving the code execution on the server.

Proof of Concept

Poc:

Alt Text

Related

prion 1
cve 1
veracode 1
osv 2
cvelist 1
nvd 1
github 1
prion
prion
Command injection
2023-04-05 17:15:00
cve
cve
CVE-2023-1877
2023-04-05 17:15:06
veracode
veracode
Command Injection
2023-04-26 06:02:55
osv
osv
CVE-2023-1877
2023-04-05 17:15:06
Microweber vulnerable to command injection
2023-04-05 18:30:18
cvelist
cvelist
CVE-2023-1877 Command Injection in microweber/microweber
2023-04-05 00:00:00
nvd
nvd
CVE-2023-1877
2023-04-05 17:15:06
github
github
Microweber vulnerable to command injection
2023-04-05 18:30:18

0.002 Low

EPSS

Percentile

51.5%

JSON
Related for 71FE4B3B-20AC-448C-8191-7B99D7FFAF55
prion1cve1veracode1osv2cvelist1nvd1github1