Description

The application allows malicious input to be injected into a server-side command template. This vulnerability occurs when an attacker can use the template engine's own syntax to place a malicious payload in a template, which is then executed on the server side.

Impact

- Execute commands remotely.
- View the contents of sensitive files stored on the server.
- Obtain sensitive information.
- Read system files.
- Cause strange behavior on the server.

Recommendation

Properly sanitize user-controlled inputs. Encourage the use of sandboxing.
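
The flaw and its fix side by side, as an added example that is not part of the original entry. It uses Python's standard-library `string.Template` as a stand-in engine (the entry names none), so it shows only the disclosure of a context value; the function names, the context and the delimiter pattern are assumptions made for illustration.

```python
import re
from string import Template

# Constructed server-side context that templates may reference.
CONTEXT = {"site": "Example Shop", "api_key": "CONSTRUCTED-SECRET-123"}


def render_vulnerable(user_name: str) -> str:
    """Flawed: user input becomes part of the template source, so any
    placeholder it contains is evaluated against CONTEXT."""
    source = "Welcome to $site, " + user_name + "!"
    return Template(source).safe_substitute(CONTEXT)


# Hardened: the template source is a constant written by the developer.
GREETING = Template("Welcome to $site, $name!")


def render_hardened(user_name: str) -> str:
    """User input is passed only as a value; substitution is not
    recursive, so placeholders inside the value stay literal text."""
    return GREETING.substitute(CONTEXT, name=user_name)


# Assumed delimiter set for common engines. Use it to reject or log
# suspicious input as a second layer, not as the primary fix.
TEMPLATE_SYNTAX = re.compile(r"\$\{?[A-Za-z_]|\{\{|\{%|<%|#\{")


def has_template_syntax(value: str) -> bool:
    """Return True when the value contains template delimiters."""
    return TEMPLATE_SYNTAX.search(value) is not None


if __name__ == "__main__":
    probe = "$api_key"  # constructed input carrying a placeholder
    print(render_vulnerable(probe))    # context value is disclosed
    print(render_hardened(probe))      # placeholder stays literal
    print(has_template_syntax(probe))  # flagged for rejection or logging
```

Engines with richer expression languages need the same separation of template source from user data, with the engine's sandbox mode as the additional control the recommendation mentions.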

Threat

Unauthenticated attacker from the Internet.

Expected Remediation Time

⏱️ 1440 minutes.