漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CraftCMS 代码注入漏洞
Vulnerability Description
CraftCMS是CraftCMS公司的一个内容管理系统。 CraftCMS 3.7.59版本存在代码注入漏洞,该漏洞源于容易受到服务器端模板注入 (SSTI) 的攻击,在用户设置中设置User Photo Location field 时,攻击者可以将 Twig 模板注入er Photo Location field字段,从而导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A