Vulnerabilities > CVE-2021-46361 - Unspecified vulnerability in Magnolia-Cms Magnolia CMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Vulnerable Configurations
References
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMS
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMS