Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in the Export function of Magnolia allows attackers to execute arbitrary code via a crafted CSV/XLS file.
Advisories for Maven/Info.magnolia/Magnolia-Core package
2022
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in the Export function of Magnolia allows attackers to execute arbitrary code via a crafted XLF file.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A vulnerability in the Snake YAML parser of Magnolia CMS allows attackers to execute arbitrary code via a crafted YAML file.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in the Freemark Filter of Magnolia CMS allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Cross-Site Request Forgery (CSRF)
An issue in the Login page of Magnolia CMS v6.2.3 allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.