CVE-2021-42651

Published: May 11, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.

Affected (1)

Products: Pentest Collaboration Framework Project: Pentest Collaboration Framework

Pentest Collaboration Framework Project

1 product

Pentest Collaboration Framework

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pentest Collaboration Framework Project Pentest Collaboration Framework	Version 1.0.8

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://gitlab.com/invuls/pentest-projects/pcf/-/commit/67ca59ff668a4f361a0c6b1327287e484987b6f1

Source: cve@mitre.org

PatchThird Party Advisory

https://gitlab.com/invuls/pentest-projects/pcf/-/commit/67ca59ff668a4f361a0c6b1327287e484987b6f1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.