Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2023-2259

CVE-2023-2259

7.2

High

Published:24 Apr 2023

Last updated:17 Jun 2026

Source:security@huntr.dev

Modified

Weakness (CWE)

CWE-1336CWE-1336
CWE-94Code Injection

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

References

security@huntr.dev

https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2

security@huntr.dev

https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff

af854a3a-2127-422b-91ae-364da2661108

https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2

af854a3a-2127-422b-91ae-364da2661108

https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff