Page 3 of 21 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19907
https://notcve.org/view.php?id=CVE-2018-19907
06 Dec 2018 — A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page. Se ha descubierto un problema de inyección de plantillas del lado del servidor en Crafter CMS 3.0.18. Los atacantes con privilegios de desarrollador podrían ejecutar comandos del sistema operativo creando/... • https://github.com/craftercms/craftercms/issues/2677 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •