CVE-2021-23267

HIGH

Crafter Studio - Command Injection

Title source: llm

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

References (1)

[Vendor Advisory] https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603

Scores

CVSS v3 7.6

EPSS 0.0046

EPSS Percentile 64.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-913

Status published

Products (2)

craftercms/crafter_cms 3.1 - 3.1.18

org.craftercms/crafter-studio 3.1.0 - 3.1.18Maven

Published May 16, 2022

Tracked Since Feb 18, 2026