CVE-2020-21523
CRITICALhalo CMS 1.1.3 - Server-Side Freemarker Template Injection via Edit Theme File Function
Title source: llmDescription
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/halo-dev/halo/issues/419
Scores
CVSS v3
9.8
EPSS
0.0259
EPSS Percentile
83.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
halo/halo
1.1.3
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026