← Back

Craftercms

craftercms

27 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Crafter Cms
crafter_cms
21 CVEs
Craftercms
craftercms
4 CVEs
Studio
studio
2 CVEs

CVEs (27)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-15683
1Craftercms
1Crafter Cms
Nov 21, 2024
Nov 27, 2020
N/A· v4
8.6 HIGH· v3
5.0 MEDIUM· v2
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE-2017-15682
1Craftercms
1Crafter Cms
Nov 21, 2024
Nov 27, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15681
1Craftercms
1Crafter Cms
Nov 21, 2024
Nov 27, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
CVE-2017-15680
1Craftercms
1Crafter Cms
Nov 21, 2024
Nov 27, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
CVE-2020-25803
1Craftercms
1Studio
Nov 21, 2024
Oct 6, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Cr...Show more
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.Show less
CVE-2020-25802
1Craftercms
1Studio
Nov 21, 2024
Oct 6, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Craf...Show more
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.Show less
CVE-2018-19907
1Craftercms
1Crafter Cms
Nov 21, 2024
Dec 6, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemar...Show more
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.Show less