Security Advisory

CVE-2024-24230

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-18 00:00:00

Last updated 2025-03-25 18:07:09

Assigner mitre

State PUBLISHED

Description

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.

← Browse all CVEs View on cve.org ↗