| عنوان | sarrionandia tournatrack 0.0 Improper Neutralization of Special Elements Used in a Template E |
|---|
| الوصف | A Server - Side Template Injection (SSTI) vulnerability has been discovered in Tournatrack, a debate tournament tracker for convenors. The flaw exists in the `/checkID` endpoint where user - provided `id` input isn't properly sanitized. Malicious actors can send crafted requests with Jinja2 expressions. This could lead to information disclosure, such as configuration details or sensitive files, and even remote code execution. As of now, the issue remains unfixed in the master branch.
More details: https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| المصدر | ⚠️ https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| المستخدم | ybdesire (UID 83239) |
|---|
| ارسال | 09/04/2025 04:02 PM (1 سنة منذ) |
|---|
| الاعتدال | 18/04/2025 04:24 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 305659 [sarrionandia tournatrack حتى 4c13a23f43da5317eea4614870a7a8510fc540ec Jinja2 Template check_id.py معرف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|