FusionAuth 1.10 Remote Command Execution...

- AV AC AU C I A
发布: 2020-01-27
修订: 2020-01-28

FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker Expression language.

0%
当前有1条漏洞利用/PoC
产品及版本信息(CPE)暂不可用