CVE-2023-29689
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-29689
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29689.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-29689
- Aliases
- Published
- 2023-08-04T15:15:10Z
- Modified
- 2024-09-03T04:30:00.937638Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
- References
Affected packages
Git / github.com/pyrocms/pyrocms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pyrocms/pyrocms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
3.*
3.0.0-alpha1
v3.*
v3.0.0
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.0-rc1
v3.0.0-rc2
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.7.0
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0