Common Weakness Enumeration

CWE-97

Allowed

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Abstraction: Variant · Status: Draft

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

11 vulnerabilities reference this CWE, most recent first.

GHSA-WJ7R-P6PM-XX2R

Vulnerability from github – Published: 2024-06-17 15:30 – Updated: 2024-08-01 15:31
VLAI
Details

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-97"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-17T14:15:11Z",
    "severity": "HIGH"
  },
  "details": "StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.",
  "id": "GHSA-wj7r-p6pm-xx2r",
  "modified": "2024-08-01T15:31:49Z",
  "published": "2024-06-17T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37621"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hebing123/cve/issues/47"
    },
    {
      "type": "WEB",
      "url": "https://www.strongshop.cn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-101: Server Side Include (SSI) Injection

An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.