PT-2024-31468 · Unknown · Filesender

Jonathan Bouman · Published 2024-09-10 · Updated 2024-10-07 · CVE-2024-45186

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FileSender versions prior to 2.49

Description

The issue allows unauthorized users to exploit the server’s template processing function, gaining access to critical credentials stored on the server. This is due to a server-side template injection (SSTI) flaw. Over 600 instances are potentially affected.

Recommendations

For versions prior to 2.49, update to version 2.49 or later to resolve the issue. As a temporary workaround, consider restricting access to the template processing function until a patch is applied. Avoid using vulnerable template injection endpoints until the issue is resolved.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-45186

Affected Products

Filesender