A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
References
Link | Resource |
---|---|
https://github.com/halo-dev/halo/issues/419 | Exploit Issue Tracking Third Party Advisory |
https://github.com/halo-dev/halo/issues/419 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 05:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/halo-dev/halo/issues/419 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2020-09-30 18:15
Updated : 2024-11-21 05:12
NVD link : CVE-2020-21523
Mitre link : CVE-2020-21523
CVE.ORG link : CVE-2020-21523
JSON object : View
Products Affected
halo
- halo
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')