Craftercms: >> Crafter Cms >> 3.1.14 Security Vulnerabilities
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.
CVSS Score
5.7
EPSS Score
0.002
Published
2023-02-17
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
CVSS Score
6.4
EPSS Score
0.074
Published
2022-09-13
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
CVSS Score
6.4
EPSS Score
0.039
Published
2022-09-13
A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVSS Score
3.5
EPSS Score
0.004
Published
2022-05-16
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-05-16
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
CVSS Score
7.6
EPSS Score
0.005
Published
2022-05-16
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
CVSS Score
5.9
EPSS Score
0.011
Published
2021-12-02
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CVSS Score
8.1
EPSS Score
0.011
Published
2021-12-02