Full title: FusionAuth 1.10 Remote Command Execution Vulnerability 
Category: web applications
Platform: multiple
FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker Expression language.

# 0day.today @ http://0day.today/