Vulnerabilities > CVE-2021-46433 - Unspecified vulnerability in Fenom Project Fenom

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

fenom-project

NVD

Published: 2022-03-28

Updated: 2022-04-04

Summary

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

Vulnerable Configurations

Part	Description	Count
Application	Fenom_Project Fenom Project Fenom *	1

References

https://github.com/fenom-template/fenom/issues/331