Vulnerability in Simple Sa Wirtualna Uczelnia

CVE-2026-34906

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits…

EPSS: 0.003 (52.6th percentile) — read the EPSS interpretation.

Affected products

Simple Sa Wirtualna Uczelnia — versions 0

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

cvd@cert.pl (third-party-advisory)
cvd@cert.pl (product)