CVE-2023-29689: Improper Neutralization of Special Elements Used in a Template Engine

August 4, 2023 (updated August 9, 2023)

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

References

packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html
cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811
nvd.nist.gov/vuln/detail/CVE-2023-29689

Code Behaviors & Features

Detect and mitigate CVE-2023-29689 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →