Description
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Remediation
References
https://github.com/ming-soft/MCMS/issues/59
Related Vulnerabilities
CVE-2017-16175 Vulnerability in npm package ewgaddis.lab6
CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble
CVE-2023-34093 Vulnerability in npm package @strapi/strapi
CVE-2020-7733 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2020-28487 Vulnerability in maven package org.webjars.npm:vis-timeline