CVE-2020-7799

HIGH

FusionAuth <1.11.0 - Command Injection

Title source: llm

Description

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.

Exploits (2)

nomisec WORKING POC 3 stars

by ianxtianxt · poc

https://github.com/ianxtianxt/CVE-2020-7799

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Pikaqi · poc

https://github.com/Pikaqi/cve-2020-7799

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html

[Exploit, Release Notes, Vendor Advisory] https://fusionauth.io/docs/v1/tech/release-notes

[Third Party Advisory] https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/39

Scores

CVSS v3 7.2

EPSS 0.7513

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-917

Status published

Products (1)

fusionauth/fusionauth < 1.11.0

Published Jan 28, 2020

Tracked Since Feb 18, 2026