CVE

CVE-2023-30179

admin

CVE-2023-30179

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution.

Source: CVE-2023-30179

Exit mobile version