Vulnerability Details CVE-2020-21523
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0