GHSA-X7M9-MWC2-G6W2 Formie: Pre-authenticated server-side template injection in Hidden fields
Impact: Unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending on template/sandbox behavior. Sites with public Formie forms that...
RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin
The Webhooks plugin renders user-supplied template content through Twig’s renderString function without sandbox protection. This allows an authenticated user with access to the Craft control panel and permissions to access the Webhooks plugin to inject Twig template code that calls arbitrary PHP...
GHSA-V47Q-JXVR-P68X Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates
Summary: An authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g., Email Templates). By calling the craft.app.fs.write method, an attacker can write a malicious PHP script to a web-accessible...
CVE-2025-68454 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...
Craft CMS 5.0 Twig Template Injection Scanner
This is a mass scanning script for the Craft CMS version 5.0 Twig template injection vulnerability. Title: Craft CMS 5.0 Twig Template Injection – Mass...
Grav CMS 1.7.49.5 Sandbox Bypass
This code is a standalone PHP proof of concept exploit targeting Grav CMS version 1.7.49.5 that demonstrates an authenticated remote code execution vulnerability caused by a Twig server-side template injection combined with a sandbox bypass...
GHSA-858Q-77WX-HHX6 Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection
Summary A user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This...
Arbitrary Code Injection
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Twig object when maliciously crafted template directives are injected into a web page. An attacker can execut...
CVE-2025-66297 Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute...
EUVD-2024-50974
Malicious code in bioql PyPI...
CraftCMS security vulnerability
CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS versions 4.0.0-RC1 through 4.16.5 and 5.0.0-RC1 through 5.8.6, which stems from a Twig SSTI that could lead to remote code execution...
CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...
PT-2025-1899 · Microsoft · Dynamics 365 Integration Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Dynamics 365 Integration plugin for WordPress version 1.3.23 and earlier Description: The issue is related to Remote Code Execution and Arbitrary File Read due to missing input validation and sanitization on the render function, allowing...
EUVD-2024-48106
The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins...
CVE-2024-6386
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with...
CVE-2024-6386 WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with...
PT-2024-5841
Name of the Vulnerable Software and Affected Versions: WPML versions up to, and including, 4.6.12. Description: The WPML plugin for WordPress is vulnerable to Remote Code Execution via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render...
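Nearly every entry in this list has the same root cause: text a user controls is compiled as Twig template source, whether through the Craft Webhooks plugin's unsandboxed renderString call, the craft.app.fs.write() gadget reachable from Email Templates, or the WordPress plugins' render function with no input validation. The PHP below is an added example, not code from Craft, Grav, WPML, the Dynamics 365 plugin or any of the advisories: it shows the vulnerable pattern against a hypothetical ArtifactStore object standing in for an application object such as craft.app.fs, then the two fixes a reviewer should ask for, rendering user text as data, or, where users genuinely need a template language, compiling it only under Twig's SandboxExtension with an explicit SecurityPolicy allowlist. It assumes twig/twig 3 installed with Composer; the payload string and the ArtifactStore class are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from Craft, Grav, WPML or any advisory listed above.
// Assumes twig/twig ^3 installed with Composer (vendor/autoload.php).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical stand-in for an application object reachable from templates
// (compare craft.app.fs in the advisory above). It only records calls.
final class ArtifactStore
{
    /** @var array<string,string> */
    public array $written = [];

    public function write(string $path, string $contents): string
    {
        $this->written[$path] = $contents; // a real object would touch the web root
        return "wrote {$path}";
    }

    public function name(): string
    {
        return 'demo-store';
    }
}

// Constructed attacker input for the demo: a "template" field value that calls
// a method on the exposed object. The PHP inside the string is never executed here.
const PAYLOAD = "{{ store.write('uploads/x.php', '<?php system(\$_GET[0]);') }}";

// VULNERABLE: the untrusted string is compiled as Twig source.
// createTemplate() on a user string has the same effect as the renderString()
// and render() calls the Craft and WordPress advisories describe.
function renderVulnerable(string $userTemplate, ArtifactStore $store): string
{
    $twig = new Environment(new ArrayLoader());
    return $twig->createTemplate($userTemplate)->render(['store' => $store]);
}

// FIX 1 (preferred): the template is ours and fixed; user text is only a variable.
// Twig autoescapes the value, and nothing in it is parsed as template syntax.
function renderAsData(string $userText, ArtifactStore $store): string
{
    $twig = new Environment(new ArrayLoader(['field' => '{{ value }}']));
    return $twig->render('field', ['value' => $userText, 'store' => $store]);
}

// FIX 2: if users genuinely need Twig, compile their text only under a sandbox
// whose SecurityPolicy allowlists tags, filters, per-class methods, properties
// and functions. Anything not listed raises a SecurityError.
function renderSandboxed(string $userTemplate, ArtifactStore $store): string
{
    $policy = new SecurityPolicy(
        ['if', 'for'],                          // tags
        ['escape', 'upper', 'date'],            // filters ('escape' keeps autoescaping working)
        [ArtifactStore::class => ['name']],     // methods: name() allowed, write() refused
        [],                                     // properties
        ['range']                               // functions
    );
    $twig = new Environment(new ArrayLoader());
    $twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template
    try {
        return $twig->createTemplate($userTemplate)->render(['store' => $store]);
    } catch (SecurityError $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Demo run: the vulnerable path executes write(); both fixes leave the store untouched.
$store = new ArtifactStore();
echo renderVulnerable(PAYLOAD, $store), PHP_EOL;
echo count($store->written), " file(s) written by the vulnerable path", PHP_EOL;

$store = new ArtifactStore();
echo renderAsData(PAYLOAD, $store), PHP_EOL;                        // payload echoed back, escaped
echo renderSandboxed(PAYLOAD, $store), PHP_EOL;                     // write() refused by the policy
echo renderSandboxed("{{ store.name()|upper }}", $store), PHP_EOL;  // allowlisted call still works
echo count($store->written), " file(s) written by the fixed paths", PHP_EOL;
```

Run it with `php ssti_demo.php` from the directory holding `vendor/`. When reviewing a Twig-based codebase, grep for `createTemplate`, `renderString` and `render` calls whose argument is built from request data or stored user content, and treat each as the vulnerable path unless a `SandboxExtension` is registered with `sandboxed = true` or the user template is wrapped in a `{% sandbox %}` block. Two caveats the list above illustrates: the sandbox is only as strong as its allowlist (a method like `write()` on any exposed object is a gadget the moment it is listed), and the Grav entries show that sandbox bypasses get found, so the data-not-template fix is the one to prefer wherever the feature allows it.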