Description
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Remediation
References
https://github.com/ming-soft/MCMS/issues/59
Related Vulnerabilities
CVE-2022-25860 Vulnerability in npm package simple-git
CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2020-26256 Vulnerability in npm package fast-csv
CVE-2019-10746 Vulnerability in npm package mixin-deep
CVE-2020-17531 Vulnerability in maven package org.apache.tapestry:tapestry-core