CVE-2023-29689
CVE-2023-29689
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 41.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
04 Aug 2023Published on NVD
08 Aug 2023Public PoC
Weaponization speed
4 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/YSaxon/pyrocms-ssti-fix★ 0cve_referencepacketstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51669unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.