ГлавнаяУязвимости → CVE-2024-24230
7.5высокая

CVE-2024-24230

Описание

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.munz4u.de/posts/2023/11/cve-2023-xxxxx-rce-via-ssti-in-komm.one-cms-10.4.2.14/https://blog.munz4u.de/posts/2023/11/cve-2023-xxxxx-rce-via-ssti-in-komm.one-cms-10.4.2.14/