Summary

A Server-Side Template Injection (SSTI) vulnerability exists in in Mblog Blog system v.3.5.0, allowing an attacker to execute arbitrary code by uploading a malicious theme. This post unravels the mystery by exploring of this CVE and digs deeper into the process of exploiting the target from knowing nothing about it to having a full-blown root shell on the underlying OS!

Description