Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Server-Side Template Injection (SSTI) in Search Template Dashboard

Avatar Kripa Thapa
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-015

CVSSv 4.0 Vector: AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

CVSSv 4.0 Base Score: 5.9

Severity: Medium

CVE: CVE-2024-56085

CWE: CWE-1336

Date Published: 2024-10-15

Description:

Authenticated users can inject payloads while creating a Search Template Dashboard, which gets executed, leading to Server-Side Template Injection. 

Affected Product:

Logpoint versions prior to 7.5.0.

Solution:

Upgrade to Logpoint v7.5.0.

Acknowledgments:

Mehmet D. Ince

Sr. Vulnerability Researcher

Prodaft

Comments

Article is closed for comments.

Related articles

  • Server-Side Template Injection (SSTI) in Search Template Dashboard Queries
  • Remote Code Execution while creating Universal Normalizer
  • Remote Code Execution while creating Report Templates
  • Unauthorized information access due to inadequate access controls
  • Template injection in Search Template
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.