CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-49964

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.5%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/mbadanoiu/CVE-2023-49964
https://www.alfresco.com/products/community/download
https://github.com/mbadanoiu/CVE-2023-49964
https://www.alfresco.com/products/community/download

Products affected by CVE-2023-49964

Hyland » Alfresco Content Services » Version: N/A

cpe:2.3:a:hyland:alfresco_content_services:-
Hyland » Alfresco Content Services » Version: 7.2.0

cpe:2.3:a:hyland:alfresco_content_services:7.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49964

Products

Pricing

Contact Us