Sql injection

2022-02-1121:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

CPENameOperatorVersion
magnolia_cmslt6.2.4

CPE	Name	Operator	Version
	magnolia_cms	lt	6.2.4

References

docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html

github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46362-Unauthenticated%20SSTI-Magnolia%20CMS