← back
CVE-2023-29689

CVE-2023-29689

EPSS 41.1%
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 41.1%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
04 Aug 2023Published on NVD
08 Aug 2023Public PoC
Weaponization speed
4 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.