13 matches found
CVE-2023-47542
An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...
CVE-2023-47542
An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...
CVE-2023-47542
CVE-2023-47542 : Fortinet FortiManager suffers from improper neutralization of special elements used in a template engine (CWE-1336). Affects FortiManager versions 7.4.1 and below, 7.2.4 and below, and 7.0.10 and below. The issue could enable a local attacker to execute unauthorized code or comma...
NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-96XV-RMWJ-6P9W Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------...
FortiSOAR - Server-side Template Injection in playbook execution
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
Input validation
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2022-35847
The CVE-2022-35847 issue affects FortiSOAR management interface across multiple releases: 6.4.0–6.4.4, 7.0.0–7.0.3, and 7.2.0. It stems from improper neutralization of special elements used in a template engine (CWE-1336). A remote, authenticated attacker could craft a payload to execute arbitrar...
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
FortiSOAR - Server-Side Template Injection in Playbook component
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
iTop Remote Command Execution Exploit
!/usr/bin/env ruby Exploit Title: iTop p...