Summary
StrongShop v1.0 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability allows attackers to inject malicious code into templates executed on the server by the Laytpl engine.
Details
The vulnerability occurs in: resources/views/admin/shippingOptionConfig/index.blade.php.
![image](https://github.com/Hebing123/cve/assets/66168888/6cc1fd8e-6a60-4ef3-91fc-f54e05bd10f2)
Proof of Concept (POC)
http://192.168.0.10:1019/admin/shippingOptionConfig/index?shipping_option_id={{25*25}}
![image](https://github.com/Hebing123/cve/assets/66168888/281961de-4334-4307-9d75-aa14493bcec0)
Impact
An attacker with administrator privileges can exploit the Server-Side Template Injection (SSTI) vulnerability to attack the server.
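A detection check for the request pattern shown in the proof of concept, added here as an example; it is not part of the original report or of StrongShop's code. It assumes access logs in the common/combined log format and that a legitimate `shipping_option_id` is a short decimal integer; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path and parameter taken from the report's proof of concept.
TARGET_PATH = "/admin/shippingOptionConfig/index"
TARGET_PARAM = "shipping_option_id"
# Assumption: a legitimate shipping_option_id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Assumption: access logs use the common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/shippingOptionConfig/index?shipping_option_id=3 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/shippingOptionConfig/index?shipping_option_id={{25*25}} HTTP/1.1" 200 5133',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/shippingOptionConfig/index?shipping_option_id=%257B%257B25*25%257D%257D HTTP/1.1" 200 5133',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /admin/shippingOptionConfig/index?shipping_option_id=abc HTTP/1.1" 200 5100',
]

def fully_decode(value, rounds=3):
    # Percent-decode a few times so nested encodings are normalised.
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(raw_value):
    """Return 'ok', 'template-syntax' or 'not-an-integer' for one value."""
    value = fully_decode(raw_value)
    if VALID_ID.fullmatch(value):
        return "ok"
    if "{{" in value or "}}" in value:
        return "template-syntax"
    return "not-an-integer"

def scan(log_lines):
    """Return (line number, verdict, decoded value) for suspicious requests."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        target = urlsplit(match.group(1)) if match else None
        if target is None or target.path != TARGET_PATH:
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == TARGET_PARAM and classify(value) != "ok":
                findings.append((number, classify(value), fully_decode(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule can be enforced as server-side input validation on the parameter before the view is rendered.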