4 matches found
CVE-2023-26546
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection SSTI with a crafted template file. The attacker must have template manager permission...
CVE-2023-26546
creationtimestamp| type| source ---|---|--- 2023-05-03 00:30:32+00:00| seen| https://t.me/cibsecurity/63181...
CVE-2023-26546
CVE-2023-26546 : IUCLID versions prior to 6.27.6 are vulnerable to Server Side Template Injection (SSTI). Remote authenticated users with template manager permission can execute arbitrary code via a crafted template file. Root cause is SSTI in the template handling. A fix exists in IUCLID 6.27.6 ...
CVE-2023-26546
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection SSTI with a crafted template file. The attacker must have template manager permission...