Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crafter cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated malicious users to view files from the operating system.
Craftercms Crafter Cms
8.6
CVSSv3
CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Craftercms Crafter Cms
6.1
CVSSv3
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote malicious users to steal users’ cookies.
Craftercms Crafter Cms
7.2
CVSSv3
CVE-2021-23258
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely (RCE).
Craftercms Crafter Cms
9.1
CVSSv3
CVE-2021-23264
Installations, where crafter-search is not protected, allow unauthenticated remote malicious users to create, view, and delete search indexes.
Craftercms Crafter Cms
4.3
CVSSv3
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Craftercms Crafter Cms
8.8
CVSSv3
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
Craftercms Crafter Cms
8.8
CVSSv3
CVE-2018-19907
A Server-Side Template Injection issue exists in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during render...
Craftercms Crafter Cms
7.2
CVSSv3
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Craftercms Crafter Cms
1 Github repository
7.2
CVSSv3
CVE-2022-40635
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Craftercms Crafter Cms
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »