9 matches found

CNNVD
added 2026/05/08 12:0 a.m., 3 views

Yeti Platform Code Injection Vulnerability

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 contained a code injection vulnerability. This vulnerability stemmed from server-side template injection during the custom template export function, which could...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1
Cvelist
added 2026/05/08 12:0 a.m., 26 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

0.00254 EPSS
Exploits 2, References 1
Vulnrichment
added 2026/05/08 12:0 a.m., 3 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

6 AI score, 0.00254 EPSS
Exploits 2, References 1
EUVD
added 2026/05/08 12:0 a.m., 2 views

EUVD-2024-55570

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1
CVE
added 2026/05/08 12:0 a.m., 63 views

CVE-2024-46507

CVE-2024-46507: Yeti Platform prior to 2.1.12 contains a Server-Side Template Injection (SSTI) in the custom template export function that can lead to remote code execution on the application server. Exploitation requires valid credentials (authenticated user). Impact includes arbitrary command e...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1, Affected Software 1
Snyk
added 2026/01/18 11:48 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the export process. An attacker with export permissions can access sensitive information, including environment variables, user password hashes, serialized sessio...

8.2 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits 1, References 2
Patchstack
added 2025/01/07 1:8 p.m., 2 views

WordPress Jupiter X Core plugin <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export vulnerability

Missing Authorization to Unauthenticated Popup Template Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin JupiterX Core versions <= 4.8.5...

5.3 CVSS, 7 AI score, 0.00681 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/01/07 11:11 a.m., 12 views

CVE-2024-12316 Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportpopupaction function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...

5.3 CVSS, 0.00681 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/01/07 11:11 a.m., 8 views

CVE-2024-12316 Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportpopupaction function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...

5.3 CVSS, 7 AI score, 0.00681 EPSS
Exploits 0, References 3