GHSA-w7vm-4v3j-vgpw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w7vm-4v3j-vgpw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-w7vm-4v3j-vgpw/GHSA-w7vm-4v3j-vgpw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w7vm-4v3j-vgpw
- Aliases
- Published
- 2023-08-04T15:30:15Z
- Modified
- 2024-12-03T06:11:42.473836Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- PyroCMS remote code execution vulnerability
- Details
-
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
- Database specific
{ "nvd_published_at": "2023-08-04T15:15:10Z", "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-08-04T17:27:09Z" }- References
Affected packages
Packagist / pyrocms/pyrocms
Package
- Name
- pyrocms/pyrocms
- Purl
- pkg:composer/pyrocms/pyrocms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.9
Affected versions
v2.*
v2.3.0-alpha1
v2.3.0-beta1
3.*
3.0.0-alpha1
3.0.0-alpha2
3.4.11
v3.*
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.0-rc1
v3.0.0-rc2
v3.0.0
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.1
v3.8.0
v3.8.1
v3.8.2
v3.8.3