2 matches found
CVE-2023-49964
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI Server-Side Template Injection attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE...
The vulnerability in the Crafter CMS content management system’s /scripts/*, /templates/*, and /.git/* directories allows a hacker to read the textual content through FreeMarker.
The vulnerability of /scripts/, /templates/, and /.git/ in the Crafter CMS content management system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to read the textual content through FreeMarker remotely...