Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
- https://github.com/strapi/strapi/releases
- https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
- https://www.ghostccamm.com/blog/multi_strapi_vulns/
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/sofianeelhor/CVE-2023-22621-POC
- https://github.com/strapi/security-patches