{"id":22066,"date":"2024-01-19T13:40:36","date_gmt":"2024-01-19T12:40:36","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=22066"},"modified":"2024-02-07T12:40:27","modified_gmt":"2024-02-07T11:40:27","slug":"usd-2023-0048","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2023-0048\/","title":{"rendered":"usd-2023-0048"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.23.4\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n

usd-2023-0048 | Gambio 4.9.2.0 - Server-Side Template Injection<\/h1>\n

<\/h1>\n

Product<\/strong>: Gambio
Affected Version<\/strong>: 4.9.2.0
Vulnerability Type<\/strong>: CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Security Risk<\/strong>: High
Vendor URL<\/strong>: https:\/\/www.gambio.de\/<\/a>
Vendor Status<\/strong>: Not fixed
CVE number<\/strong>: CVE-2024-23761<\/p>\n

Description<\/h3>\n

Gambio is software designed for running online shops.
It provides various features and tools to help businesses manage their inventory, process orders, and handle customer interactions.<\/p>\n

According to their homepage, the software is used by more than 25.000 shops.<\/p>\n

The email templates are using the Smarty<\/em> template engine, which can be used to execute arbitrary commands on the underlying system.<\/p>\n

Note:<\/strong> Upon discovery, our team immediately initiated the responsible disclosure process by contacting the vendor behind Gambio.
Unfortunately, despite multiple attempts, our attempts to engage the vendor in resolving this issue have been met with silence.
The vulnerability is still unfixed.<\/p>\n

Proof of Concept<\/h3>\n

The email templates are using the Smarty<\/em> template engine.<\/p>\n

Its possible to receive code execution using a SSTI<\/em> vulnerability.<\/p>\n

\"\"<\/p>\n

Fix<\/h3>\n

It is recommended to define templates statically wherever possible.
If templates are generated dynamically based on user input, it must be ensured that attackers cannot inject any template commands or meta characters.
For this purpose, user input should be masked before it is inserted into the template.<\/p>\n

References<\/h3>\n