3 matches found
FusionAuth 1.10 Remote Command Execution Vulnerability
FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions either site templates or e-mail templates in the FusionAuth dashboard can execute commands on the underlying operating...
CVE-2020-7799
CVE-2020-7799 affects FusionAuth before 1.11.0. An authenticated user with access to template editing (Email Templates or Themes in the FusionAuth dashboard) can abuse freemarker.template.utility.Execute in Apache FreeMarker to execute operating system commands. The vulnerability is a command-inj...
FusionAuth 1.10 Remote Command Execution
@Mediaservice.net Security Advisory 2020-03 last updated on 2020-01-27 Title: FusionAuth command execution via Apache Freemarker Template Application: FusionAuth 1.10 and lower Platforms: Tested on Windows 10 and Ubuntu 19.10 Description: An authenticated attacker with enough privileges to access...