CVE-2021-46433

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0220%

EPSS Percentile0.86th

PublishedMar 28, 2022

Last ModifiedNov 21, 2024

Vulnerability Description

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

Affected Platforms (CPE)

📦

Fenom Project

Fenom

<= 2.12.1

References & Advisories

🔗 https://github.com/fenom-template/fenom/issues/331

Related Vulnerabilities

CVE-2021-2328110.0

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM soft...

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...