ГлавнаяУязвимости → CVE-2024-22722
7.2высокая

CVE-2024-22722

Описание

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.

Затрагиваемое ПО
Formtools Form tools
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/