Server-Side Template Injection in Sprout Forms Notification Emails
CVE-2020-11056 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
Learn more about our Cis Benchmark Audit For Server Software.