Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Crafter_cms
(Craftercms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-13 | CVE-2022-40634 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. | Crafter_cms | 7.2 | ||
| 2022-09-13 | CVE-2022-40635 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. | Crafter_cms | 7.2 | ||
| 2023-02-17 | CVE-2023-26020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. | Crafter_cms | 7.2 | ||
| 2018-12-06 | CVE-2018-19907 | A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page. | Crafter_cms | 8.8 | ||
| 2020-11-27 | CVE-2017-15686 | Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. | Crafter_cms | 6.1 | ||
| 2020-11-27 | CVE-2017-15685 | Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | Crafter_cms | 8.6 | ||
| 2020-11-27 | CVE-2017-15684 | Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | Crafter_cms | 7.5 | ||
| 2020-11-27 | CVE-2017-15683 | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | Crafter_cms | 8.6 | ||
| 2020-11-27 | CVE-2017-15682 | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. | Crafter_cms | 6.1 | ||
| 2020-11-27 | CVE-2017-15681 | In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. | Crafter_cms | 9.8 |