cve/CVE-2023-45303.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).

POC

Reference

https://herolab.usd.de/security-advisories/usd-2023-0010/

Github

https://github.com/20142995/sectool
https://github.com/password123456/cve-collector

770 B Raw Blame History

CVE-2023-45303

Description

POC

Reference

Github

770 B

Raw Blame History