Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. This occurs due to misuse of the generate_html() function, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tactical RMM 安全漏洞
Vulnerability Description
Tactical RMM是AmidaWare Inc.开源的一个远程监控和管理工具。 Tactical RMM v1.3.1及之前版本存在安全漏洞,该漏洞源于对template_md参数清理不当,可能导致服务器端模板注入和远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A