CVE-2024-34461
Published 2024-05-04
Priority P3 55 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.95% (56.9th percentile)
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tribalsystems | zenario | >= 0 < 9.5.60437 | 9.5.60437 |
GHSA
Zenario uses Twig filters insecurely in the Twig Snippet plugin
ghsa·2024-05-04
CVE-2024-34461 [CRITICAL] CWE-94 Zenario uses Twig filters insecurely in the Twig Snippet plugin
OSV
Zenario uses Twig filters insecurely in the Twig Snippet plugin
osv·2024-05-04
CVE-2024-34461 [CRITICAL] Zenario uses Twig filters insecurely in the Twig Snippet plugin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-04