admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-49964.md

19 lines
914 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-49964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49964)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.
### POC
#### Reference
- https://github.com/mbadanoiu/CVE-2023-49964
#### Github
Update CVE sources 2024-06-22 09:37
2024-06-22 09:37:59 +00:00
- https://github.com/mbadanoiu/CVE-2023-49964
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
- https://github.com/nomi-sec/PoC-in-GitHub
Reference in New Issue Copy Permalink