Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CraftCMS code injection vulnerability
Vulnerability Description
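CraftCMS is a content management system from the company CraftCMS. CraftCMS version 3.7.59 contains a code injection vulnerability that stems from susceptibility to server-side template injection (SSTI): when setting the User Photo Location field in User Settings, an attacker can inject a Twig template into the User Photo Location field, leading to remote code execution.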
CVSS Information
N/A
Vulnerability Type
N/A