CVE-2023-30179

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published: Jun 13, 2023
Updated: Jan 3, 2025
CWE ID 94

Summary

CVE-2023-30179 is a Server-Side Template Injection (SSTI) vulnerability affecting CraftCMS version 3.7.59. An authenticated attacker can exploit it by injecting Twig templates into the User Photo Location field when modifying user settings. Successful exploitation can result in Remote Code Execution. The vendor disputes the severity of this issue because access to the feature is restricted: by default it is available only to administrators.
