CVE-2024-48042

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Supsystic Contact Form versions 1.7.28 and earlier

Description The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine vulnerability, which allows Command Injection. This can lead to potential cyber security threats.

Recommendations For versions 1.7.28 and earlier, update to version 1.7.29 to secure your site. As a temporary workaround, consider restricting access to the template engine to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1336CWE-82

Related Identifiers

CVE-2024-48042

Affected Products

Contact Form By Supsystic

CVE-2024-48042

Weakness Enumeration

Related Identifiers

Affected Products

References · 8