CVE-2020-7799

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-917
View all →

Vulnerability Description

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.

Related Vulnerabilities

CVE-2018-16621

HIGH
CVSS:7.2(High)

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

CWE-9172018

CVE-2019-9041

HIGH
CVSS:7.2(High)

An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:as...

CWE-9172019

CVE-2019-16469

HIGH
CVSS:7.5(High)

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CWE-9172019

CVE-2019-5355

HIGH
CVSS:7.5(High)

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2020-26565

HIGH
CVSS:7.5(High)

ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.

CWE-9172020

CVE-2019-11628

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installat...

CWE-9172019