13 matches found
CVE-2023-47542
CVE-2023-47542 : Fortinet FortiManager suffers from improper neutralization of special elements used in a template engine (CWE-1336). Affects FortiManager versions 7.4.1 and below, 7.2.4 and below, and 7.0.10 and below. The issue could enable a local attacker to execute unauthorized code or comma...
CVE-2023-47542
An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...
CVE-2023-47542
An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...
NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-96XV-RMWJ-6P9W Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------...
FortiSOAR - Server-side Template Injection in playbook execution
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
Input validation
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2022-35847
The CVE-2022-35847 issue affects FortiSOAR management interface across multiple releases: 6.4.0–6.4.4, 7.0.0–7.0.3, and 7.2.0. It stems from improper neutralization of special elements used in a template engine (CWE-1336). A remote, authenticated attacker could craft a payload to execute arbitrar...
FortiSOAR - Server-Side Template Injection in Playbook component
An improper neutralization of special elements used in a template engine vulnerability (CWE-1336) in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
iTop Remote Command Execution Exploit
!/usr/bin/env ruby Exploit Title: iTop p...