| Titre | 1024-lab SmartAdmin ≤3.29 Server-Side Template Injection |
|---|
| Description | Smart Admin V3 is vulnerable to Server-Side Template Injection (SSTI) in its email template rendering functionality. The application uses the Apache FreeMarker template engine to render email templates stored in the database. An attacker with the ability to modify the `t_mail_template` table’s `template_content` field can inject arbitrary FreeMarker expressions that will be executed on the server when the email is sent.
This vulnerability allows remote code execution (RCE) with the privileges of the application server, leading to complete system compromise. |
|---|
| La source | ⚠️ https://www.notion.so/SmartAdmin-Server-Side-Template-Injection-SSTI-in-Email-Template-Rendering-310ea92a3c418087ac63ec8e5a061b62 |
|---|
| Utilisateur | din4 (UID 50867) |
|---|
| Soumission | 24/02/2026 14:52 (il y a 1 mois) |
|---|
| Modérer | 07/03/2026 18:42 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 349703 [1024-lab/lab1024 SmartAdmin jusqu’à 3.29 FreeMarker Template MailService.java freemarkerResolverContent template_content élévation de privilèges] |
|---|
| Points | 17 |
|---|