Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-46114

Disclosure Date: January 26, 2022 (last updated February 23, 2025)
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0