Skip to content
/ CVE-2021-46361 Public

CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2021-46361

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Magnolia CMS - CVE-2021-46361.pdf
Magnolia CMS - CVE-2021-46361.pdf
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS

An issue in the FreeMarker Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Resources:

The SSTI gadget used to escape the FreeMarker sandbox was inspired from this article by Vincent Herbulot of Synacktiv

About

CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS

Topics

authenticated cve bypass remote-code-execution server-side-template-injection cves 0-day cve-2021-46361

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository