CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1191 – fastcms ZIP File TemplateController.java path traversal
https://notcve.org/view.php?id=CVE-2023-1191
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ha1yuYiqiyinHangzhouTechn0logy/fastcms/blob/main/README.md https://github.com/my-fastcms/fastcms/issues/1 https://vuldb.com/?ctiid.222363 https://vuldb.com/?id.222363 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4300 – FastCMS Template edit injection
https://notcve.org/view.php?id=CVE-2022-4300
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. • https://github.com/Ha0Liu/cveAdd/blob/developer/fastcms%E6%A8%A1%E7%89%88%E6%B3%A8%E5%85%A5/fastcms%20template%20injection%20vulnerability.md https://vuldb.com/?id.214901 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •