
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. • https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. • https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2024 — An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. • https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection • CWE-918: Server-Side Request Forgery (SSRF) • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2024 — Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. • https://cxsecurity.com/issue/WLB-2024040051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')