CVE-2023-49964

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI Server-Side Template Injection attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE...

Alfresco Community Edition Security Vulnerability

Alfresco Community Edition is the U.S. Alfresco's set of open source enterprise content management system community edition. The system includes document management, office collaboration, and other features. A security vulnerability exists in Alfresco Community Edition 7.2.0 and earlier versions,...

PT-2023-8222 · Hyland · Hyland Alfresco Community Edition

Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Community Edition versions through 7.2.0 Description: The issue exists due to the failure to neutralize special elements in the folder.get.html.ftl component of the Hyland Alfresco Community Edition content management system...