| Title | flute-cms.com Web-based CMS for server games written in PHP v0.2.2.4-alpha SSTI |
|---|---|
| Description | v0.2.2.4-alpha. Download source code: https://github.com/Flute-CMS/cms In the creation of "Notifications", the website has predefined four templates for the notification content: {name}, {login}, {email}, and {balance}. However, analysis of the PHP code reveals that other template injection statements inserted into the content are still executed, for example, {system("whoami")}. |
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md |
| User | Dee.Mirage (UID 71702) |
| Submission | 18/07/2024 05:03 (2 years ago) |
| Moderation | 20/07/2024 12:06 (2 days later) |
| Status | Accepted |
| VulDB entry | 272069 [Flute CMS 0.2.2.4-alpha Notification ContentParser.php replaceContent privilege escalation] |
| Points | 20 |