CVE-2020-21523

CRITICAL

halo CMS 1.1.3 - Server-Side Freemarker Template Injection via Edit Theme File Function

Title source: llm
STIX 2.1

Description

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/halo-dev/halo/issues/419

Scores

CVSS v3 9.8
EPSS 0.0259
EPSS Percentile 83.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (1)
halo/halo 1.1.3
Published Sep 30, 2020
Tracked Since Feb 18, 2026