Vulnerabilities > CVE-2023-29689 - Unspecified vulnerability in Pyrocms 3.9

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pyrocms

critical

NVD

Published: 2023-08-04

Updated: 2023-08-09

Summary

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

Vulnerable Configurations

Part	Description	Count
Application	Pyrocms Pyrocms Pyrocms 3.9	1

References

https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811
http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html