692 matches found
CVE-2022-27263
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-27263
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
Strapi 代码问题漏洞
Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file...
strapi OS command injection vulnerability
Strapi is an open source headless content management system CMS. Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...
Remote Code Execution (RCE)
@strapi/strapi is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of input via the version number string variable...
@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2022-0764 via strapi (>=2.0.2 <=3.6.8)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2022-0764 Source advisory: OSV:GHSA-XRJF-PHVV-R4VR...
GHSA-XRJF-PHVV-R4VR Command injection in strapi
When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link, this happens due to improper sanitization of user input...
Command injection in strapi
When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link, this happens due to improper sanitization of user input...
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
Command injection
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
CVE-2022-0764
Strapi (strapi/strapi) is affected by CVE-2022-0764: an OS command injection vulnerability in versions prior to 4.1.0 due to improper sanitization of user input when creating an app via the template CLI argument. Impact is arbitrary command execution with local access. Mitigation: update to 4.1.0...
CVE-2022-0764 Arbitrary Command Injection in strapi/strapi
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
Strapi 安全漏洞
Strapi is an open source headless content management system CMS. Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...
PT-2022-13420 · Strapi · Strapi
Name of the Vulnerable Software and Affected Versions: strapi versions prior to 4.1.0 Description: The issue is related to arbitrary command injection in the strapi repository. This occurs due to improper sanitization of user input, specifically when creating a strapi app using the template cli...
Arbitrary Command Injection
Description When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.jsL13, this happens due t...
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
Strapi CMS 3.0.0-beta.17.4 Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
@cscharpf/minio-client-versioned (>=1.0.0 <=1.0.8), @iliad.dev/strapi-adapter (>=0.0.43 <=0.2.2) +46 more potentially affected by CVE-2021-23470 via putil-merge (>=1.2.0 <=3.13.0)
putil-merge NPM version =1.2.0, =1.0.0, =0.0.43, =0.6.0, =0.12.0, =0.6.0, =0.6.0, =0.6.0, =1.0.0-beta.3, =0.6.0, =0.10.0, =0.6.0, =0.93.1, =4.0.1, =4.0.1, =5.0.4 and more Source cves: CVE-2021-23470 Source advisory: OSV:GHSA-4G77-CVGW-GRVW...