Lucene search
MitreVULNRICHMENT:CVE-2020-28246HistoryMay 31, 2022 - 12:00 a.m.
CVE-2020-28246
2022-05-3100:00:00
mitre
github.com
4
cve-2020-28246
server-side template injection
form.io
remote code execution
email template
sandbox
admins
AI Score
7.8
Confidence
Low
EPSS
0.005
Percentile
77.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
Related
osv
osv
Server-Side Template Injection in formio
2022-06-03 00:00:58
CVE-2020-28246
2022-06-02 14:15:26
cve
cve
CVE-2020-28246
2022-06-02 14:15:26
prion
prion
Remote code execution
2022-06-02 14:15:00
veracode
veracode
Remote Code Execution
2022-06-03 11:00:22
github
github
Server-Side Template Injection in formio
2022-06-03 00:00:58
cvelist
cvelist
CVE-2020-28246
2022-05-31 00:00:00
nvd
nvd
CVE-2020-28246
2022-06-02 14:15:26
AI Score
7.8
Confidence
Low
EPSS
0.005
Percentile
77.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2020-28246