Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Vulnerability Description
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
Adfinis Document Merge Service 安全漏洞
Vulnerability Description
Adfinis Document Merge Service是Adfinis公司的一个合并文档模板服务。 Adfinis Document Merge Service 6.5.1 及之前版本存在安全漏洞,该漏洞源于允许攻击者通过服务器端模板注入进行的远程代码执行攻击,当以 root 身份执行时,可能会导致受影响系统的完全接管。
CVSS Information
N/A
Vulnerability Type
N/A