CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS By inserting malicious content in a FTL template, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution) Vendor Disclosure: The vendor's disclosure and fix for this vulnerability