CVE-2021-46362

CRITICAL

Magnolia CMS < 6.2.4 - Server-Side Template Injection via Registration and Forgotten Password Forms


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-46362. PoCs published by mbadanoiu.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2021-46362, a Server-Side Template Injection (SSTI) vulnerability in Magnolia CMS v6.2.3 and below. The vulnerability allows unauthenticated attackers to execute arbitrary code via the fullname parameter in the Registration and Forgotten Password forms.

Description

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2021-46362

Classification
Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Magnolia CMS v6.2.3 and below
No auth needed
Prerequisites: Access to the Registration or Forgotten Password forms
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0437
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94
Status published
Products (1)
magnolia-cms/magnolia_cms < 6.2.4
Published Feb 11, 2022
Tracked Since Feb 18, 2026