Description
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Remediation
References
https://github.com/ming-soft/MCMS/issues/59
Related Vulnerabilities
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.11
CVE-2021-32641 Vulnerability in npm package auth0-lock
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core
CVE-2020-7760 Vulnerability in maven package org.apache.marmotta.webjars:codemirror
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-drill