88 matches found
Server-Side Template Injection
shopware/core and shopware/platform is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of the context variable in Twig templates, allowing attackers with Administration access to execute arbitrary PHP functions or methods...
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...
GHSA-C9GP-64C4-2RRH Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...
VulnCheck KEV: CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...
CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...
ROS-20221222-05
A vulnerability in the compiling Twig template handler exists due to failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely, affect the confidentiality, integrity and availability of protected information by running...
Unsanitized input returned in response is conducive to XSS exploitation
Description During the initial installation process it was identified that the "Create user" form that collects user data, does not properly sanitize the data entry and then prints them on the screen with an error message without any apparent validation, thus allowing the insertion of HTML or...
CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...
WordPress Member Hero plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
Authorization
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
Member Hero <= 1.0.9 - Unauthenticated RCE
The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. PoC curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...
Code injection in Twig
Description When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. Resolution We now disallow calling non Closure in the sort filter like we already did for some other filters. Credits We would like to thank...
Remote Code Execution
getgrav/grav is vulnerable to Remote Code Execution. Twig processing does not prevent dangerous PHP functions from being called in Twig templates by default, allowing an attacker to execute arbitrary code to obtain additional privileges...
Grav's Twig processing allowing dangerous PHP functions by default
Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...
GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default
Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...
CVE-2021-29440 Twig allowing dangerous PHP functions by default
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...