17 matches found
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
EUVD-2023-2677
Malicious code in bioql PyPI...
CVE-2020-7799
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...
GHSA-6PGR-J9V4-XFVV ThingsBoard Server-Side Template Injection
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
Sql injection
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2023-45303
ThingsBoard before 3.5 is affected by a Server-Side Template Injection via Apache FreeMarker’s freemarker.template.utility.Execute when users can modify an email template and content is sent to /api/admin/settings. Connected sources (Red Hat, OSV, GHSA, CNNVD, CVE lists) confirm the injection roo...
Apache FreeMarker Security Vulnerability
Apache FreeMarker is a Java-based template engine from the Apache Foundation, initially focused on generating dynamic web pages using the MVC software architecture. A security vulnerability exists in Apache FreeMarker, which can be exploited by an attacker to read textual content via FreeMarker,...
FusionAuth 1.10 Remote Command Execution Vulnerability
FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions either site templates or e-mail templates in the FusionAuth dashboard can execute commands on the underlying operating...
Design/Logic Flaw
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...
CVE-2020-7799
CVE-2020-7799 affects FusionAuth before 1.11.0. An authenticated user with access to template editing (Email Templates or Themes in the FusionAuth dashboard) can abuse freemarker.template.utility.Execute in Apache FreeMarker to execute operating system commands. The vulnerability is a command-inj...
FusionAuth 1.10 Remote Command Execution
@Mediaservice.net Security Advisory 2020-03 last updated on 2020-01-27 Title: FusionAuth command execution via Apache Freemarker Template Application: FusionAuth 1.10 and lower Platforms: Tested on Windows 10 and Ubuntu 19.10 Description: An authenticated attacker with enough privileges to access...