CVE-2023-29689
Published: 2023-08-04
Priority: P2 · 78 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 41.11% (98.5th percentile)
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyrocms | pyrocms | — | — |
| pyrocms | pyrocms | 0 – 3.9 | — |
Detection & IOCs (extracted from sources)
- Detect SSTI payload pattern in POST body targeting the 'description_en' field on the role-edit endpoint. Look for Twig/template injection syntax using the map('system') filter.
- Monitor authenticated POST requests to /admin/users/roles/edit/1 — exploitation requires admin-level access and targets role 1's description field to inject and execute OS commands.
- Alert on GET requests to /admin/users/roles immediately following a POST to /admin/users/roles/edit/1 from the same session — this is the attacker harvesting command output from the rendered Description field.
- Exploitation requires an authenticated session with /admin privilege — correlate login events to /admin/login followed by rapid role-edit activity as a behavioral indicator.
- Exploitation is authenticated — the attacker must first obtain valid admin credentials and successfully log in before the SSTI payload can be delivered.
- The exploit specifically targets role ID 1 (the Admin role) via its description field; other role IDs are not targeted by this PoC.
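The indicators above combine a content signal (template syntax with the map('system') filter in the description_en field) with two sequence signals per session (login followed by a role edit, and a role edit followed by a read of the roles list). The following script is an added illustration of how a detection engineer might encode those three checks; it is not code from the original page or from the PyroCMS project. It assumes a request log in JSON-lines form with constructed fields (ts, session, method, path, body) in which a WAF or request logger has captured POST bodies; the sample records and the time windows are constructed for the example, and the template placeholder in the sample body stands in for a real payload.

```python
"""Detection logic for the CVE-2023-29689 indicators, over constructed log records.

Assumptions (constructed for this example, not from the original page):
  * each log record is a JSON object with ts (epoch seconds), session,
    method, path and, for POST requests, a body string captured by a WAF;
  * the session identifier is stable across one user's requests.
"""
import json
import re
from collections import defaultdict
from urllib.parse import parse_qs

ROLE_EDIT_PATH = "/admin/users/roles/edit/1"   # role 1 = Admin role (per the indicators)
ROLES_LIST_PATH = "/admin/users/roles"         # where rendered output would be read back
LOGIN_PATH = "/admin/login"
HARVEST_WINDOW_S = 60    # assumed: GET of the roles list "immediately following" the POST
LOGIN_WINDOW_S = 120     # assumed: login followed by "rapid role-edit activity"

# Strong signal: Twig delimiters plus the map('system') filter named in the indicators.
SSTI_STRONG = re.compile(r"\{\{.*?\|\s*map\s*\(\s*['\"]system['\"]\s*\).*?\}\}", re.S)
# Weak signal: any Twig delimiter at all inside a role description.
SSTI_WEAK = re.compile(r"\{[{%]")

# Constructed sample records (not real traffic). Session s1 matches all three
# indicators; session s2 is a benign administrator editing the same role.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": 1000, "session": "s1", "method": "POST", "path": LOGIN_PATH,
     "body": "username=admin&password=REDACTED"},
    {"ts": 1030, "session": "s1", "method": "POST", "path": ROLE_EDIT_PATH,
     "body": "name=Admin&description_en={{['PLACEHOLDER']|map('system')}}"},
    {"ts": 1035, "session": "s1", "method": "GET", "path": ROLES_LIST_PATH, "body": ""},
    {"ts": 2000, "session": "s2", "method": "POST", "path": ROLE_EDIT_PATH,
     "body": "name=Admin&description_en=Site administrators"},
    {"ts": 2500, "session": "s2", "method": "GET", "path": ROLES_LIST_PATH, "body": ""},
])


def parse_log(text):
    """Parse JSON-lines records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def description_field(body):
    """Return the URL-decoded description_en value of a form-encoded body, or None."""
    values = parse_qs(body, keep_blank_values=True).get("description_en")
    return values[0] if values else None


def classify_body(body):
    """Content check: label the description_en field as SSTI-like, or None if clean."""
    desc = description_field(body)
    if desc is None:
        return None
    if SSTI_STRONG.search(desc):
        return "ssti-map-system"
    if SSTI_WEAK.search(desc):
        return "template-delimiter"
    return None


def detect(records):
    """Run the content and sequence checks per session.

    Returns a list of (session, ts, rule, severity) tuples, in time order.
    """
    alerts = []
    by_session = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_session[r["session"]].append(r)

    for sid, reqs in by_session.items():
        last_login = None          # ts of the most recent POST /admin/login
        last_edit = None           # (ts, payload label) of the most recent role-1 edit
        for r in reqs:
            if r["method"] == "POST" and r["path"] == LOGIN_PATH:
                last_login = r["ts"]
            elif r["method"] == "POST" and r["path"] == ROLE_EDIT_PATH:
                label = classify_body(r.get("body", ""))
                if label:
                    alerts.append((sid, r["ts"], f"payload:{label}", "high"))
                if last_login is not None and r["ts"] - last_login <= LOGIN_WINDOW_S:
                    alerts.append((sid, r["ts"], "login-then-role-edit", "medium"))
                last_edit = (r["ts"], label)
            elif r["method"] == "GET" and r["path"] == ROLES_LIST_PATH:
                if last_edit is not None and r["ts"] - last_edit[0] <= HARVEST_WINDOW_S:
                    # A legitimate admin may also list roles after editing one, so the
                    # sequence alone is low severity unless the edit carried template syntax.
                    severity = "high" if last_edit[1] else "low"
                    alerts.append((sid, r["ts"], "role-edit-then-roles-list", severity))
                last_edit = None
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Only session s1 produces alerts: the payload signal and the login-then-edit signal at the POST, and the high-severity harvest signal at the following GET. The benign session s2 lists roles 500 seconds after its edit and carries no template syntax, so it stays quiet; in production the windows and the weak-signal handling would be tuned against the site's normal admin activity.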
OSV
osv · 2023-08-04
CVE-2023-29689 [CRITICAL] PyroCMS remote code execution vulnerability
Description identical to the summary above.
GHSA
ghsa · 2023-08-04
CVE-2023-29689 [CRITICAL] PyroCMS remote code execution vulnerability
Description identical to the summary above.
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html
- https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811