Lucene search
GoogleOSV:GHSA-4RMR-C2JX-VX27HistoryJan 27, 2022 - 2:51 p.m.
Mustache remote code injection vulnerability
2022-01-2714:51:00
Google
osv.dev
222
0.001 Low
EPSS
Percentile
45.8%
In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable.
References
github.com/bobthecow/mustache.php
github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e
github.com/bobthecow/mustache.php/releases/tag/v2.14.1
github.com/FriendsOfPHP/security-advisories/blob/master/mustache/mustache/CVE-2022-0323.yaml
huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7
nvd.nist.gov/vuln/detail/CVE-2022-0323
Related
nvd
nvd
CVE-2022-0323
2022-01-21 18:15:08
github
github
Mustache remote code injection vulnerability
2022-01-27 14:51:00
huntr
huntr
None in bobthecow/mustache.php
2022-01-19 03:04:52
ubuntucve
ubuntucve
CVE-2022-0323
2022-01-21 00:00:00
nessus
nessus
FreeBSD : mustache - Possible Remote Code Execution (65847d9d-7f3e-11ec-8624-b42e991fc52e)
2022-01-30 00:00:00
Moodle 3.9.x < 3.9.16 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.9 Multiple Vulnerabilities
2023-02-20 00:00:00
osv
osv
CVE-2022-0323
2022-01-21 18:15:08
freebsd
freebsd
mustache - Possible Remote Code Execution
2022-01-20 00:00:00
cve
cve
CVE-2022-0323
2022-01-21 18:15:08
friendsofphp
friendsofphp
Possible RCE when rendering untrusted user templates
2022-01-21 06:21:37
Possible RCE when rendering untrusted user templates
2022-01-21 06:21:37
cvelist
cvelist
veracode
veracode
Command Injection
2022-01-28 03:09:27
prion
prion
Input validation
2022-01-21 18:15:00