Server-Side Template Injection Vulnerability in Bagisto by Bagisto
CVE-2023-33570
8.8 HIGH
Summary
The Server-Side Template Injection (SSTI) vulnerability found in Bagisto v1.5.1 allows attackers to manipulate template rendering engines, which can lead to remote code execution and unauthorized access to sensitive data. This flaw poses significant risks to businesses utilizing the affected version of Bagisto. It's essential to implement security measures and apply updates to safeguard against potential exploitation.
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved