Server-Side Template Injection
Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to unsafe exposure of the create Twig function enabling arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary code on the server...