Remote Code Execution via Server-Side Template Injection (SSTI)
CVE-2024-32404

6MEDIUM

Key Information:

Vendor: Inducer
Status: Relate
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-32404?

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.

References

https://packetstormsecurity.com/2404-exploits/rlts-sstexe...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024

CVE-2024-32404 Data

JSON

Inducer

What is CVE-2024-32404?

References

CVSS V3.1

Timeline