Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftercms crafter cms vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-23264
Installations, where crafter-search is not protected, allow unauthenticated remote malicious users to create, view, and delete search indexes.
Craftercms Crafter Cms
4.3
CVSSv2
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Craftercms Crafter Cms
6.5
CVSSv2
CVE-2018-19907
A Server-Side Template Injection issue exists in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during render...
Craftercms Crafter Cms
3.5
CVSSv2
CVE-2021-23260
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Craftercms Crafter Cms
6.5
CVSSv2
CVE-2021-23262
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
Craftercms Crafter Cms
5
CVSSv2
CVE-2021-23263
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
Craftercms Crafter Cms
4
CVSSv2
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Craftercms Crafter Cms
9
CVSSv2
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
Craftercms Crafter Cms
NA
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Craftercms Crafter Cms
1 Github repository
NA
CVE-2022-40635
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Craftercms Crafter Cms
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »