CVE-2024-22722

7.2 HIGH

📋 TL;DR

This Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to execute arbitrary commands by injecting malicious template code into the Group Name field. Attackers can achieve remote code execution, potentially compromising the entire server. All users running Form Tools 3.1.1 are affected.

💻 Affected Systems

Products:
  • Form Tools
Versions: 3.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when using the add forms functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠 Likely Case

Attacker gains shell access to the web server, exfiltrates sensitive data, and installs backdoors for persistent access.

🟢 If Mitigated

Attack is detected and blocked by WAF or input validation, resulting in failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the add forms section. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.2 or later

Vendor Advisory: https://formtools.org/

Restart Required: No

Instructions:

1. Back up your Form Tools installation and database.
2. Download the latest version from the official website.
3. Replace all files with the new version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation on the Group Name field to reject template syntax.

WAF Rule Implementation (platform: all)

Deploy web application firewall rules to block SSTI payload patterns.

🧯 If You Can't Patch

  • Disable or restrict access to the add forms functionality
  • Implement network segmentation to isolate the Form Tools server

🔍 How to Verify

Check if Vulnerable:

Check if running Form Tools version 3.1.1 by examining the version in admin panel or source code.

Check Version:

Check the version.php file or admin dashboard for version information.

Verify Fix Applied:

Confirm installation of version 3.1.2 or later and test that template injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to add forms endpoint with template syntax in parameters
  • Multiple failed login attempts followed by successful access to add forms

Network Indicators:

  • Outbound connections from web server to unknown IPs
  • Unusual command execution patterns in HTTP requests

SIEM Query:

source="web_logs" AND (uri="/admin/forms/add.php" OR uri="/admin/forms/") AND (param="group_name" CONTAINS "{{" OR param="group_name" CONTAINS "{%" OR param="group_name" CONTAINS "${")
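As an added example (not part of this advisory), the same rule expressed as a small Python log scanner run over constructed sample lines: it flags requests to the two URIs from the SIEM query whose group_name parameter contains any of the template markers. The line format, IP addresses and probe values are assumptions made up for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Template-syntax markers and endpoints taken from the advisory's SIEM query.
SSTI_MARKERS = ("{{", "{%", "${")
WATCHED_URIS = ("/admin/forms/add.php", "/admin/forms/")

# Constructed line format (an assumption, not Form Tools' own log format):
#   <client ip> "<method> <uri-with-query>"
# Form Tools sends the field in a POST body; a real collector would feed the
# decoded body parameters into check_request() instead of the query string.
LOG_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)"$')

def check_request(target):
    """Return the group_name value carrying template syntax, or None if clean."""
    parts = urlsplit(target)
    if parts.path not in WATCHED_URIS:
        return None
    # parse_qs percent-decodes, so %7B%7B is seen as "{{"
    for value in parse_qs(parts.query).get("group_name", []):
        if any(marker in value for marker in SSTI_MARKERS):
            return value
    return None

def scan_log(lines):
    """Return (ip, method, offending value) for each line matching the rule."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than abort the scan
        value = check_request(m["target"])
        if value is not None:
            hits.append((m["ip"], m["method"], value))
    return hits

# Constructed sample lines: one benign group name, one percent-encoded {{...}},
# one ${...} on the directory URI, and one marker on an unwatched path.
SAMPLE_LOG = [
    '203.0.113.5 "POST /admin/forms/add.php?group_name=Marketing"',
    '198.51.100.9 "POST /admin/forms/add.php?group_name=%7B%7Bprobe%7D%7D"',
    '198.51.100.9 "POST /admin/forms/?group_name=%24%7Bprobe%7D"',
    '192.0.2.77 "GET /index.php?group_name=%7B%7Bprobe%7D%7D"',
]

if __name__ == "__main__":
    for ip, method, value in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip} {method} group_name={value!r}")
```

The fourth sample line is deliberately not flagged: the marker alone is not enough, the request must also target the add-forms endpoints named in the query.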
