54 matches found
CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be...
Potential Code Injection in Sprout Forms
Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...
GHSA-PX8V-HXXX-2RGH Potential Code Injection in Sprout Forms
Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...
Server-Side Template Injection (SSTI)
barrelstrength/sprout-base-email is vulnerable to server-side template injection. An attacker is able to inject an arbitrary template and execute Twig code on the server...
Sprout Forms Code Injection Vulnerability
Sprout Forms is a form builder plugin. A code injection vulnerability exists in Sprout Forms versions prior to 3.9.0. An attacker can exploit this vulnerability to execute Twig code...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
Template injection
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056 Potential Code Injection in Sprout Forms
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056
In Sprout Forms below version 3.9.0, there is a Server-Side Template Injection vulnerability when using custom fields in Notification Emails that can lead to execution of Twig code. Root cause: unsafely interpolating user-controlled fields in email templates, enabling Twig execution. Impact descr...
Server Side Template Injection (SSTI)
nystudio107/seomatic is vulnerable to server-side template injection (SSTI). The vulnerability is possible through sending requests that don't match any elements, leading to the generation of an incorrect canonicalUrl and the execution of Twig code...
CVE-2018-14716
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...
Code injection
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...
CVE-2018-14716
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...