CVE-2024-32407
HIGHinducer relate < 2024.1 - Remote Code Execution via Page Sandbox Feature
Title source: llmDescription
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.
References (2)
Core 2
Core References
Permissions Required
https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection
Exploit, Third Party Advisory
https://cxsecurity.com/issue/WLB-2024040049
Scores
CVSS v3
8.8
EPSS
0.0110
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-918
Status
published
Products (1)
inducer/relate
< 2024.1
Published
Apr 22, 2024
Tracked Since
Feb 18, 2026