Unknown · Filesender · CVE-2024-45186
**Name of the Vulnerable Software and Affected Versions**
FileSender versions prior to 2.49
**Description**
The issue allows unauthorized users to exploit the server’s template processing function, gaining access to critical credentials stored on the server. This is due to a server-side template injection (SSTI) flaw. Over 600 instances are potentially affected.
**Recommendations**
For versions prior to 2.49, update to version 2.49 or later to resolve the issue. As a temporary workaround, consider restricting access to the template processing function until a patch is applied. Avoid using vulnerable template injection endpoints until the issue is resolved.