
4 matches found

Exploit DB
added 2024/06/01 12:0 a.m., 307 views

Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI; Exploit Author: tmrswrr; Date: 30/05/2024; Vendor: https://akaunting.com/forum; Software Link: https://akaunting.com/apps/crm; Vulnerable Versions: 3.1.8; Tested: https://www.softaculous.com/apps/erp/Akaunting; 1. Login with admin cre...

AI score: 7.4
Exploits: 0
0day.today
added 2024/02/22 12:0 a.m., 372 views

CMS Made Simple 2.2.19 Server-Side Template Injection Vulnerability

Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI; Exploit Author: tmrswrr; Vendor Homepage: https://www.cmsmadesimple.org/; Version: 2.2.19; Tested on: https://www.softaculous.com/demos/CMSMadeSimple; 1. log in as admin and go to Layout Design Manager Breadcrumbs; 2. Click edit and write SSTI payloa...

AI score: 7.4
Exploits: 0
Packet Storm
added 2023/12/06 12:0 a.m., 439 views

Winter CMS 1.2.2 Server-Side Template Injection

Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated; Exploit Author: tmrswrr; Date: 12/05/2023; Vendor: https://wintercms.com/; Software Link: https://github.com/wintercms/winter/releases/v1.2.2; Vulnerable Versions: 1.2.2; Tested:...

AI score: 7.4
Exploits: 0
GitHub Security Blog
added 2023/06/16 7:35 p.m., 41 views

Grav Server Side Template Injection (SSTI) vulnerability

Summary: I found an RCE (Remote Code Execution) by SSTI in the admin screen. Details: Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. PoC: 1. Log in to the administrator screen and access the edit screen of the defaul...

CVSS: 9.9, AI score: 7.6, EPSS: 0.02554
Exploits: 1, References: 8, Affected Software: 1