PT-2022-15932 · Unknown · Freemarker.Template.Utility+1
Published: 2022-02-04 · Updated: 2022-02-09
CVE-2022-23329
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UJCMS Jspxcms version 10.2.0
Description
A vulnerability in the Execute function of the freemarker.template.utility package allows attackers to execute arbitrary commands via uploading malicious files.
Recommendations
For UJCMS Jspxcms version 10.2.0, consider disabling the Execute function as a temporary workaround until a patch is available. Restrict access to file upload features to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Ujcms Jspxcms
Freemarker.Template.Utility