How severe is CVE-2024-30372?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-30372?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2024-30372 - HIGH Severity | CVSS 8.8

Vulnerability Description

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23609.

Related Vulnerabilities

CVE-2021-4315

HIGH

CVSS:8.8(High)

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mod...

CWE-13362021

CVE-2023-27995

HIGH

CVSS:8.8(High)

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a...

CWE-13362023

CVE-2024-46366

HIGH

CVSS:8.8(High)

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead...

CWE-13362024

CVE-2024-52427

HIGH

CVSS:8.8(High)

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Even...

CWE-13362024

CVE-2024-6386

HIGH

CVSS:8.8(High)

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation a...

CWE-13362024

CVE-2022-0944

CRITICAL

CVSS:9.1(Critical)

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

CWE-13362022