Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftercms crafter cms vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2017-15683
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Craftercms Crafter Cms
7.5
CVSSv3
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated malicious users to view files from the operating system.
Craftercms Crafter Cms
8.6
CVSSv3
CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Craftercms Crafter Cms
6.1
CVSSv3
CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
Craftercms Crafter Cms
6.1
CVSSv3
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote malicious users to steal users’ cookies.
Craftercms Crafter Cms
7.2
CVSSv3
CVE-2023-26020
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 up to and including 4.0.1, and v3.1 from 3....
Craftercms Crafter Cms
7.2
CVSSv3
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Craftercms Crafter Cms
1 Github repository
7.2
CVSSv3
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely(RCE).
Craftercms Crafter Cms
5.4
CVSSv3
CVE-2021-23260
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Craftercms Crafter Cms
7.2
CVSSv3
CVE-2021-23262
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
Craftercms Crafter Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »