VYPR

Komm.One CMS

by Komm.One

CVEs (1)

  • CVE-2024-24230HigMar 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.