Craftercms: >> Crafter Cms >> 3.1.5 Security Vulnerabilities
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
CVSS Score
4.2
EPSS Score
0.005
Published
2021-12-02
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
CVSS Score
5.9
EPSS Score
0.011
Published
2021-12-02
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CVSS Score
8.1
EPSS Score
0.011
Published
2021-12-02
Page 2