CVE-2023-43661
HIGH
Cachet < 2.4 - Remote Code Execution via Template Injection
Title source: llm
Description
Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which lets users create templates, allows them to execute arbitrary code on the server because of insufficient filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.
References (2)
Core 2
Core References
Exploit, Mitigation, Vendor Advisory x_refsource_confirm
https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p
Scores
CVSS v3
8.8
EPSS
0.4690
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-94
Status
published
Products (2)
all-three/cachet
< 2.4
cachethq/cachet
0 - 2.4
Packagist
Published
Oct 11, 2023
Tracked Since
Feb 18, 2026