CVE-2021-23267

HIGH

Crafter CMS 3.1.0-3.1.17 - Authenticated Remote Code Execution via FreeMarker Static Methods

Title source: llm
STIX 2.1

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

References (1)

Core 1
Core References

Scores

CVSS v3 7.6
EPSS 0.0083
EPSS Percentile 52.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-913
Status published
Products (2)
craftercms/crafter_cms 3.1 - 3.1.18
org.craftercms/crafter-studio 3.1.0 - 3.1.18Maven
Published May 16, 2022
Tracked Since Feb 18, 2026