CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Dec 2024 — APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In version 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2 template. Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be abl... • https://github.com/APTRS/APTRS/commit/9f6b6e4a56a9119eb12126a4909441e83b6d7c11 • CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page