CVE-2021-46433 - Unspecified vulnerability in Fenom Project Fenom

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

In Fenom 2.12.1 and earlier, the getTemplateCode() function in fenom/src/Fenom/Template.php allows a sandbox bypass that leads to arbitrary PHP code execution when disable_native_funcs is true.

Vulnerable Configurations

Part         Description    Count
Application  Fenom_Project  1