What is CVE-2023-22621?

CVE-2023-22621 is a vulnerability in N/a. Published 2023-04-19.

Is CVE-2023-22621 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-22621

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that execut…

EPSS: 0.910 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

sofianeelhor/CVE-2023-22621-POC
ARPSyndicate/cvemon
abrahim7112/Vulnerability-checking-program-for-Android
20142995/nuclei-templates
nomi-sec/PoC-in-GitHub
strapi/security-patches
cyb3r-w0lf/nuclei-template-collection

References

github.com/strapi/strapi/releases
www.ghostccamm.com/blog/multi_strapi_vulns/
strapi.io/blog/security-disclosure-of-vulnerabilities-cve

Frequently asked questions

What is CVE-2023-22621?: CVE-2023-22621 is a vulnerability in N/a. Published 2023-04-19.
Is CVE-2023-22621 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.