| Title | ctcms 2.1.2 Command Injection |
|---|---|
| Description | CTCMS (Ctcms video system) version 2.1.2 contains a Server-Side Template Injection (SSTI) vulnerability in the backend template management functionality. An authenticated administrator can edit templates and inject malicious template syntax, leading to remote code execution. The vulnerability exists in the template management module. When an administrator edits template files (such as head.html), the system processes template syntax without proper sanitization. By injecting malicious template code containing PHP functions like eval(), an attacker can achieve remote code execution when the template is rendered. |
| Source | ⚠️ https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN |
| User | airrudder (UID 25092) |
| Submission | 2025-12-05 09:00 AM (6 months ago) |
| Moderation | 2025-12-15 06:02 PM (10 days later) |
| Status | Accepted |
| VulDB entry | 336488 [CTCMS Content Management System up to 2.1.2 Frontend/Template Management CT_Parser.php privilege escalation] |
| Points | 20 |