-
I'd like to propose the addition of Expression Language (EL) Injection to the ASVS standards, given its relevance and increasing occurrences in modern applications.
Expression Language (EL) Injecti…
-
##### Version number:
1.6.6
##### Problem description:
jeecg-boot 3.5.3 and earlier versions contain a security vulnerability caused by an SSTI (server-side template injection) flaw. An attacker can exploit it to execute arbitrary code on the /jmreport/loadTableData component via a specially crafted HTTP request.
##### Error log & screenshots:
JeecgBoot Server-Side Template Injection (CVE-2023-41544)
![image](http…
-
Broken Crystals is a demo site (listed here: https://owasp.org/www-project-vulnerable-web-applications-directory/ ) that can be used for testing your skills/software
The site highlights a few false…
-
## CVE-2018-13818 - High Severity Vulnerability
Vulnerable Library - twig/twig-v1.35.0
Twig, the flexible, fast, and secure template language for PHP
Library home page: https://api.github.com/repos/…
-
### Is your feature request related to a problem? Please describe.
I've been working through false positives from the time-based blind injection tests, starting with the Command Injection Rule (htt…
-
## CVE-2018-13818 - High Severity Vulnerability
Vulnerable Library - twig/twig-v1.34.4
Twig, the flexible, fast, and secure template language for PHP
Library home page: https://api.github.com/repos/…
-
Vulnerable Library - spring-boot-starter-thymeleaf-1.5.1.RELEASE.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/2.1.5.REL…
-
Vulnerable Library - thymeleaf-3.0.12.RELEASE.jar
Modern server-side Java template engine for both web and standalone environments
Library home page: http://www.thymeleaf.org
Path to dependency file…
-
Add a PoC exploit for [CVE-2024-4040], an unauthenticated server-side template injection (SSTI) vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0.
[CVE-2024-4040]: https://nvd.nis…