Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential Code Injection in Sprout Forms
Vulnerability Description
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Sprout Forms 注入漏洞
Vulnerability Description
Sprout Forms是一款表单构建插件。 Sprout Forms 3.9.0之前版本中存在注入漏洞。攻击者可利用该漏洞执行Twig代码。
CVSS Information
N/A
Vulnerability Type
N/A