Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mbadanoiu/cve-2022-40634
CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2022-40634
- Owner: mbadanoiu
- Created: 2023-12-01T10:06:17.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2023-12-01T10:22:46.000Z (12 months ago)
- Last Synced: 2023-12-01T13:35:28.562Z (12 months ago)
- Topics: 0-day, authenticated, bypass, cve, cve-2020-25803, cve-2022-40634, cves, remote-code-execution, server-side-template-injection
- Homepage:
- Size: 1.78 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
By inserting malicious content into an FTL template, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage objects exposed by FreeMarker to bypass restrictions and obtain RCE (Remote Code Execution).
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022091301).
### Requirements:
This vulnerability requires:
- Valid user credentials

### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-40634/blob/main/CrafterCMS%20-%20CVE-2022-40634.pdf).
### Additional Resources:
The initial [vulnerability (CVE-2020-25803)](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102) and [blogpost](https://securitylab.github.com/advisories/GHSL-2020-042-crafter_cms/) by [Alvaro "pwntester" Munoz](https://github.com/pwntester) inspired the SSTI research and the finding of this vulnerability.