Lucene search
PRIOn knowledge basePRION:CVE-2023-30179HistoryJun 13, 2023 - 5:15 p.m.
Design/Logic Flaw
2023-06-1317:15:00
PRIOn knowledge base
www.prio-n.com
12
craftcms
version 3.7.59
server-side template injection
ssti
remote code execution
user photo location
twig template
user settings
administrators
DISPUTED CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.
Related
veracode
veracode
Server-Side Template Injection
2023-06-23 16:03:45
cve
cve
CVE-2023-30179
2023-06-13 17:15:14
osv
osv
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
2023-06-13 18:30:39
github
github
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
2023-06-13 18:30:39
cvelist
cvelist
CVE-2023-30179
2023-06-13 00:00:00
nvd
nvd
CVE-2023-30179
2023-06-13 17:15:14