Craft CMS 3.9.14 Remote Command Execution

Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. ============================================================================================================================================= | Title : Craft CMS 3.9.14...

Craft CMS Twig Template Injection RCE via FTP Templates Path

This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution RCE. Module Options msf use exploit/linux/http/craftcmsftptemplate msf...