CVE-2021-46433

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0220%

EPSS Percentile0.86th

Published2022年3月28日

Last Modified2024年11月21日

Vulnerability Description

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

Affected Platforms (CPE)

📦

Fenom Project

Fenom

<= 2.12.1

References & Advisories

🔗 https://github.com/fenom-template/fenom/issues/331

相關漏洞威脅

CVE-2021-2328110.0

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM soft...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...