Azuriom CMS Client-Side Template Injection Vulnerability in Admin Dashboard
Vulnerability
A client-side template injection vulnerability has been identified in the Azuriom CMS admin dashboard. It allows a low-privilege user to execute arbitrary template code within the context of an administrator's session. The vulnerability arises in plugins or dashboard components that render untrusted user input without proper sanitization, so that input is interpreted as template code rather than displayed as data, potentially leading to unauthorized privilege escalation. The issue has been resolved in Azuriom version 1.2.7.
Impact
Exploitation of this vulnerability could allow a low-privilege user to execute arbitrary template code in an administrator's session, potentially escalating privileges to that of an admin.
Reproduction
To reproduce this vulnerability, a low-privilege user submits untrusted data to a plugin or dashboard component that does not properly sanitize user input. When an administrator views the dashboard and the data is rendered, the injected template code executes in the context of the admin session.
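The mechanism described above, as an added illustration and not Azuriom's own code: a toy `{{ name }}` template engine (assumed here; the page does not name the real one) renders a user-supplied display name once spliced into the template source and once bound as escaped data. The function names, the admin context and its values are constructed for the example.

```javascript
// Added example, not Azuriom code. Toy client-side template engine:
// "{{ path.to.value }}" placeholders are resolved against a context object.
const PLACEHOLDER = /\{\{\s*([\w.]+)\s*\}\}/g;

function renderTemplate(template, context) {
  // Single pass: each placeholder is replaced by the named context value.
  return template.replace(PLACEHOLDER, (_, name) =>
    name.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), context) ?? '');
}

function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

// VULNERABLE pattern: the untrusted value is concatenated into the template
// source before rendering, so any placeholder syntax inside it is evaluated
// against the administrator's context when the admin views the dashboard.
function renderUserRowVulnerable(userName, adminContext) {
  const template = '<td>' + userName + '</td>';
  return renderTemplate(template, adminContext);
}

// HARDENED pattern: the template source is fixed; the untrusted value is
// bound as data and HTML-escaped. Because rendering is a single pass, template
// syntax inside the value is emitted literally, never interpreted.
function renderUserRowSafe(userName, adminContext) {
  const template = '<td>{{ row.userName }}</td>';
  const context = { ...adminContext, row: { userName: escapeHtml(userName) } };
  return renderTemplate(template, context);
}

// Constructed admin-side context: values only the admin's page should see.
const ADMIN_CONTEXT = { admin: { name: 'alice', apiToken: 'CONSTRUCTED-TOKEN-123' } };

// Low-privilege input that happens to contain the engine's placeholder syntax.
const UNTRUSTED_NAME = '{{ admin.apiToken }}';

function demo() {
  return {
    vulnerable: renderUserRowVulnerable(UNTRUSTED_NAME, ADMIN_CONTEXT), // leaks the token
    safe: renderUserRowSafe(UNTRUSTED_NAME, ADMIN_CONTEXT),             // shows it literally
  };
}
```

The fix is the same regardless of engine: never build template source from user input; pass it as bound, escaped data.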
Remediation
Users can update to Azuriom version 1.2.7 to address this vulnerability.
