Ssti
CVE-2022-25813
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
AnalysisAI
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-1336. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. Affected products include: Apache Ofbiz.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template e
Remote code execution in the WPML WordPress multilingual plugin (versions up to and including 4.6.12) allows Contributor
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated c
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification servic
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms all
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re
Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arb
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote C
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior t
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. Rate
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today