CVE-2021-46361
published 2022-02-11CVE-2021-46361: An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted…
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.61%
83.5th percentile
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magnolia-cms | magnolia_cms | < 6.2.12 | 6.2.12 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Arbitrary code execution in Magnolia CMS
ghsa·2022-02-12
CVE-2021-46361 [CRITICAL] Arbitrary code execution in Magnolia CMS
Arbitrary code execution in Magnolia CMS
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
OSV
Arbitrary code execution in Magnolia CMS
osv·2022-02-12
CVE-2021-46361 [CRITICAL] Arbitrary code execution in Magnolia CMS
Arbitrary code execution in Magnolia CMS
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisoryhttps://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMShttps://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisoryhttps://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMS
2022-02-11
Published