Lucene search

[email protected]NVD:CVE-2024-32406

HistoryApr 26, 2024 - 4:15 a.m.

CVE-2024-32406

2024-04-2604:15:09

CWE-94

[email protected]

web.nvd.nist.gov

server-side template injection

inducer relate

batch-issue exam tickets

arbitrary code

remote attacker

crafted payload

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.

References

packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-32406

cvelist1 cve1