Skip to main content

Sprout Forms

1 CVEs product

Monthly

CVE-2020-11056 PHP MEDIUM PATCH This Month

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Sprout Forms
NVD GitHub
CVSS 3.1
6.3
EPSS
1.0%
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Sprout Forms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy