Lucene search
K

88 matches found

Veracode
Veracode
added 2024/08/09 5:13 a.m.16 views

Server-Side Template Injection

shopware/core and shopware/platform is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of the context variable in Twig templates, allowing attackers with Administration access to execute arbitrary PHP functions or methods...

8.3CVSS7.4AI score0.00648EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/03/22 4:30 p.m.43 views

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass

Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...

8.8CVSS8.7AI score0.0576EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2024/03/22 4:30 p.m.46 views

GHSA-C9GP-64C4-2RRH Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass

Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...

8.8CVSS9.2AI score0.0576EPSS
Exploits4References4
VulnCheck KEV
VulnCheck KEV
added 2024/01/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

9.8CVSS7.5AI score0.12442EPSS
Exploits2References1
0day.today
0day.today
added 2023/05/05 12:0 a.m.230 views

Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...

7.5CVSS7.6AI score0.06741EPSS
Exploits7
Prion
Prion
added 2023/01/17 10:15 p.m.13 views

Design/Logic Flaw

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...

6.5CVSS8.8AI score0.01333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/01/17 9:31 p.m.51 views

CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...

9.9CVSS9.5AI score0.01333EPSS
Exploits0References3
Redos
Redos
added 2022/12/22 12:0 a.m.13 views

ROS-20221222-05

A vulnerability in the compiling Twig template handler exists due to failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely, affect the confidentiality, integrity and availability of protected information by running...

9.8CVSS6.9AI score0.08209EPSS
Exploits3
Huntr
Huntr
added 2022/12/20 1:8 p.m.27 views

Unsanitized input returned in response is conducive to XSS exploitation

Description During the initial installation process it was identified that the "Create user" form that collects user data, does not properly sanitize the data entry and then prints them on the screen with an error message without any apparent validation, thus allowing the insertion of HTML or...

5.8CVSS6.1AI score0.00577EPSS
Exploits1References3
OSV
OSV
added 2022/08/15 11:21 a.m.13 views

CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

9.8CVSS6AI score0.12442EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.81 views

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

9.8CVSS1.3AI score0.12442EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/06/15 12:0 a.m.38 views

WordPress Member Hero plugin code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

9.8CVSS9.6AI score0.09105EPSS
Exploits2References1
Prion
Prion
added 2022/06/13 1:15 p.m.19 views

Authorization

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

7.5CVSS9.4AI score0.09105EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:41 p.m.28 views

CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

9.8AI score0.09105EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.18 views

Member Hero <= 1.0.9 - Unauthenticated RCE

The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. PoC curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...

9.8CVSS3.1AI score0.09105EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 10:21 p.m.48 views

Code injection in Twig

Description When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. Resolution We now disallow calling non Closure in the sort filter like we already did for some other filters. Credits We would like to thank...

9.8CVSS3.5AI score0.08209EPSS
Exploits3References12Affected Software1
Veracode
Veracode
added 2021/04/19 9:30 a.m.25 views

Remote Code Execution

getgrav/grav is vulnerable to Remote Code Execution. Twig processing does not prevent dangerous PHP functions from being called in Twig templates by default, allowing an attacker to execute arbitrary code to obtain additional privileges...

8.4CVSS5.8AI score0.30623EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:53 p.m.123 views

Grav's Twig processing allowing dangerous PHP functions by default

Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...

8.4CVSS2.2AI score0.30623EPSS
Exploits5References6Affected Software1
OSV
OSV
added 2021/04/16 7:53 p.m.20 views

GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default

Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...

8.4CVSS7.6AI score0.30623EPSS
Exploits5References5
Cvelist
Cvelist
added 2021/04/13 7:55 p.m.46 views

CVE-2021-29440 Twig allowing dangerous PHP functions by default

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

8.4CVSS8.9AI score0.30623EPSS
Exploits5References4
Rows per page
Query Builder