CVE-2024-27623

Sažetak

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

Reference

https://github.com/capture0x/CMSMadeSimple2
https://github.com/capture0x/CMSMadeSimple2
https://www.vicarius.io/vsociety/posts/pwning-cmsms-via-user-defined-tags-for-fun-and-learning-cve-2024-27622-27623

CVSS

Base:	5.9
Impact:	3.7
Exploitability:	1.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Zadnje važnije ažuriranje

17-12-2025 - 16:16

Objavljeno

05-03-2024 - 14:15