CVE-2023-30179
CraftCMS is affected by a Server-Side Template Injection (SSTI) in version 3.7.59, where an authenticated user can inject Twig templates into the User Photo Location in User Settings, potentially enabling Remote Code Execution. The root cause cited is lack of input validation for the Twig code in...