Server-Side Template Injection Vulnerability in Bagisto by Bagisto
CVE-2023-33570

8.8HIGH

Key Information:

Vendor: Webkul
Status: Bagisto
Vendor: CVE Published:; 28 June 2023

What is CVE-2023-33570?

The Server-Side Template Injection (SSTI) vulnerability found in Bagisto v1.5.1 allows attackers to manipulate template rendering engines, which can lead to remote code execution and unauthorized access to sensitive data. This flaw poses significant risks to businesses utilizing the affected version of Bagisto. It's essential to implement security measures and apply updates to safeguard against potential exploitation.

References

https://siltonrenato02.medium.com/a-brief-summary-about-a...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2023
Vulnerability Reserved
May 22, 2023

Webkul

What is CVE-2023-33570?

References

CVSS V3.1

Timeline