Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
verbb/formie Server-Side Template Injection for variable-enabled settings
Vulnerability Description
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1.6.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
Pixel&tonic Craft CMS 安全漏洞
Vulnerability Description
Pixel&tonic Craft CMS是美国Pixel&tonic公司的一套内容管理系统(CMS)。 Pixel&tonic Craft CMS Formie 2.1.6 之前版本存在安全漏洞,该漏洞源于有权访问表单设置的用户可以将恶意 Twig 代码包含到支持 Twig 的字段中,该代码将在创建提交或呈现文本时执行。
CVSS Information
N/A
Vulnerability Type
N/A