CVE-2023-30145.yml
---
gem: camaleon_cms
cve: 2023-30145
ghsa: x487-866m-p8hr
url: http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
title: Server-Side Template Injection in Camaleon CMS
date: 2023-05-26
description: |
  Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side
  Template Injection (SSTI) vulnerability via the `formats` parameter.
cvss_v3: 9.8
patched_versions:
  - ">= 2.7.4"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-30145
    - https://github.com/paragbagul111/CVE-2023-30145
    - http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
    - https://github.com/owen2345/camaleon-cms/issues/1052
    - https://github.com/owen2345/camaleon-cms/commit/4485788c544eb1aae52ca613bd9626129e3df6ee
    - https://github.com/owen2345/camaleon-cms/releases/tag/2.7.4
    - https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
    - https://portswigger.net/research/server-side-template-injection
    - https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
    - https://github.com/advisories/GHSA-x487-866m-p8hr