FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mustache - Possible Remote Code Execution

Affected packages
phpmustache < 2.14.1

Details

VuXML ID 65847d9d-7f3e-11ec-8624-b42e991fc52e
Discovery 2022-01-20
Entry 2022-01-27

huntr.dev reports:

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable.

[source]

References

CVE Name CVE-2022-0323
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0323

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.