Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crafter cms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-23258
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely (RCE).
Craftercms Crafter Cms
6.5
CVSSv2
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely(RCE).
Craftercms Crafter Cms
6.4
CVSSv2
CVE-2021-23264
Installations, where crafter-search is not protected, allow unauthenticated remote malicious users to create, view, and delete search indexes.
Craftercms Crafter Cms
4
CVSSv2
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Craftercms Crafter Cms
4.3
CVSSv2
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Craftercms Crafter Cms
9
CVSSv2
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
Craftercms Crafter Cms
6.4
CVSSv2
CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated malicious users to view and modify administrative data.
Craftercms Crafter Cms
7.5
CVSSv2
CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated malicious users to overwrite files from the operating system which can lead to RCE.
Craftercms Crafter Cms
4.3
CVSSv2
CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
Craftercms Crafter Cms
5
CVSSv2
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated malicious users to view files from the operating system.
Craftercms Crafter Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »