Magnolia-cms : Security Vulnerabilities, CVEs, (Code Execution)
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-02-11
Updated
2022-03-29
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
Max CVSS
9.8
EPSS Score
0.27%
Published
2022-02-11
Updated
2022-02-22
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Max CVSS
9.8
EPSS Score
0.22%
Published
2022-02-11
Updated
2022-02-22
3 vulnerabilities found