Back to search
CVE-2020-21523
Published: Sep 30, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/halo-dev/halo/issues/419
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now