Vulnerability — CVE-2023-22621

CVE-2023-22621

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-22621
Description:: Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
Last updated date:: 05/01/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/25/2023
Reference url to background: https://github.com/sofianeelhor/CVE-2023-22621-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/01/2023
Reference url to background: https://www.ghostccamm.com/blog/multi_strapi_vulns/