| Titel | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha SSTi |
|---|
| Beschreibung | v0.2.2.4-alpha Download Source Code: https://github.com/Flute-CMS/cms
In the creation of "Notifications," the website has predefined four templates for the notification content: {name}, {login}, {email}, and {balance}. However, upon analyzing the PHP code, it is revealed that inserting other template injection statements into the content can still be executed, for example, {system("whoami")}. |
|---|
| Quelle | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md |
|---|
| Benutzer | Dee.Mirage (UID 71702) |
|---|
| Einreichung | 18.07.2024 05:03 (vor 2 Jahren) |
|---|
| Moderieren | 20.07.2024 12:06 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 272069 [Flute CMS 0.2.2.4-alpha Notification ContentParser.php replaceContent erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|