CVE-2024-22722

HIGH

Form Tools 3.1.1 - Command Injection

Title source: llm

Description

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.

Exploits (1)

nomisec WORKING POC

by terribledactyl · poc

https://github.com/terribledactyl/Form-Tools-3.1.1-RCE

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/

Scores

CVSS v3 7.2

EPSS 0.0008

EPSS Percentile 22.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

formtools/form_tools 3.1.1

Published Apr 11, 2024

Tracked Since Feb 18, 2026