Cyber Posture

CVE-2024-54954

Severity: High · Public PoC

Published: 10 February 2025
Modified: 28 March 2025
KEV Added: not listed
Patch: not recorded
CVSS Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0083 (74.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54954 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Zhyd Oneblog. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 25.4% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation (prevent)

Directly mitigates template injection by requiring validation and sanitization of user-supplied inputs to the templating engine in OneBlog's template management.

SI-2 Flaw Remediation (prevent)

Addresses the specific flaw in OneBlog v2.3.6 by mandating identification, reporting, and correction of vulnerabilities like this template injection.

AC-6 Least Privilege (prevent)

Reduces the attack surface by enforcing least privilege, limiting low-privilege authenticated users' access to the vulnerable template management functions.

MITRE ATT&CK Enterprise Techniques [AI]

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Template injection (CWE-1336) in OneBlog directly enables server-side arbitrary code execution via malicious template input (T1059) and facilitates remote exploitation of a network-accessible web application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

Deeper analysis [AI]

CVE-2024-54954 is a template injection vulnerability affecting OneBlog version 2.3.6, specifically in its template management function. The flaw, classified under CWE-1336, stems from improper handling of user-supplied input that reaches the templating engine, so that attacker-controlled template content can be evaluated and executed by the engine. The vulnerability received a CVSS v3.1 base score of 8.0, reflecting its high severity due to network accessibility and significant impact potential.

An attacker with low privileges (PR:L), such as an authenticated user, can exploit this over the network (AV:N) with low complexity (AC:L), though exploitation requires user interaction (UI:R), such as a victim clicking a malicious link or submitting crafted input. Successful exploitation yields high confidentiality (C:H), integrity (I:H), and availability (A:H) impacts without changing scope (S:U), potentially leading to full server compromise, data exfiltration, or arbitrary code execution on the affected OneBlog instance.

Advisories and additional details, including potential patches or workarounds, are documented in references such as the GitHub Gist at https://gist.github.com/kaoniniang2/03658cc78e789b992b378f4951bedfb7 and the Gitee issue tracker at https://gitee.com/yadong.zhang/DBlog/issues/IB6552. Security practitioners should review these for version-specific mitigation guidance.

Details

CWE(s): CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine)

Affected Products: zhyd oneblog ≤ 2.3.6

CVEs Like This One

CVE-2025-60355 (same product: Zhyd Oneblog)
CVE-2025-1040 (shared CWE-1336)
CVE-2025-53833 (shared CWE-1336)
CVE-2024-57177 (shared CWE-1336)
CVE-2026-21449 (shared CWE-1336)
CVE-2026-25526 (shared CWE-1336)
CVE-2025-49828 (shared CWE-1336)
CVE-2026-34587 (shared CWE-1336)
CVE-2025-53909 (shared CWE-1336)
CVE-2026-22244 (shared CWE-1336)

References

GitHub Gist: https://gist.github.com/kaoniniang2/03658cc78e789b992b378f4951bedfb7
Gitee issue tracker (DBlog): https://gitee.com/yadong.zhang/DBlog/issues/IB6552