26 matches found
Remote code execution
A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL...
Form.io 注入漏洞
Form.io is a combined forms and API platform for serverless applications from US-based Form.io. An injection vulnerability exists in Form.io version 2.0.0, which can be exploited by an attacker to execute remote code...
CVE-2020-28246
A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...
PT-2022-8884 · Form.Io · Form.Io
Name of the Vulnerable Software and Affected Versions: Form.io version 2.0.0 Description: A Server-Side Template Injection SSTI issue was discovered, leading to Remote Code Execution during the deletion of the default Email template URL. The email templating service was removed after 2020. The...
CVE-2020-28246
A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...
CVE-2020-28246
CVE-2020-28246 describes a Server-Side Template Injection (SSTI) in Form.io 2.0.0 that leads to Remote Code Execution during the deletion of the default Email template URL. The vulnerability stems from the SSTI in the templating flow; the email templating service was removed after 2020, and Form....