Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely(RCE).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
craftercms crafter cms |