Vulnerability Name
Classifications
Severity
Out of Band Code Execution via SSTI (Python Mako)
PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Out of Band Code Execution via SSTI (Python Tornado)
PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Out of Band Command Injection
PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Out of Band Remote File Inclusion
PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Out of Band SQL Injection
PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Remote Code Execution (Spring4Shell)
PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Remote Code Execution and DoS in HTTP.sys (IIS)
PCI v3.2-6.5.1, CAPEC-340, CWE-20, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-7, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C
Critical
Remote File Inclusion
PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Critical
SQL Injection
PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
SQL Injection (IAST)
PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (ASP.NET Razor)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical