Main Vulnerability Database Exploits ID:8148 - Exploit for Security features bypass in Twig - CVE-2022-23614

ID:8148 - Exploit for Security features bypass in Twig - CVE-2022-23614

Published: July 18, 2022

Vulnerability identifier: #VU61609

Vulnerability risk: High

CVE-ID: CVE-2022-23614

CWE-ID: CWE-254

Exploitation vector: Remote access

Vulnerable software:
Twig

Link to public exploit:

https://github.com/davwwwx/CVE-2022-23614

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing security restrictions for non closures in "sort" filter when using a sandbox mode. A remote attacker can pass specially crafted data to the application and execute arbitrary PHP code on the system.

Remediation

Install updates from vendor's website.

ID:8148 - Exploit for Security features bypass in Twig - CVE-2022-23614

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human