| Title | sarrionandia tournatrack 0.0 Improper Neutralization of Special Elements Used in a Template E |
|---|
| Description | A Server - Side Template Injection (SSTI) vulnerability has been discovered in Tournatrack, a debate tournament tracker for convenors. The flaw exists in the `/checkID` endpoint where user - provided `id` input isn't properly sanitized. Malicious actors can send crafted requests with Jinja2 expressions. This could lead to information disclosure, such as configuration details or sensitive files, and even remote code execution. As of now, the issue remains unfixed in the master branch.
More details: https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| Source | ⚠️ https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| User | ybdesire (UID 83239) |
|---|
| Submission | 04/09/2025 16:02 (1 Year ago) |
|---|
| Moderation | 04/18/2025 16:24 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 305659 [sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec Jinja2 Template check_id.py ID injection] |
|---|
| Points | 20 |
|---|