Skip to content

CVE-2021-46362: FreeMarker Server-Side Template Injection in Magnolia CMS

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2021-46362

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2021-46362: FreeMarker Server-Side Template Injection in Magnolia CMS

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows unauthenticated attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

Collaboration:

This vulnerability was found in collaboration with Marian-Razvan Ilisanu.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2021-46362: FreeMarker Server-Side Template Injection in Magnolia CMS

Topics

Resources

Stars

Watchers

Forks