CVE-2022-40634

MEDIUM

Crafter CMS 3.1.0-3.1.22 - Authenticated Remote Code Execution via FreeMarker SSTI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-40634. PoCs published by mbadanoiu.

AI-analyzed exploit summary This repository provides a writeup for CVE-2022-40634, detailing a Server-Side Template Injection (SSTI) vulnerability in CrafterCMS that can lead to Remote Code Execution (RCE). The README references a PDF for exploitation details and acknowledges prior research that inspired the discovery.

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

Exploits (1)

nomisec WRITEUP

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2022-40634

View Code ZIP pw:eip

This repository provides a writeup for CVE-2022-40634, detailing a Server-Side Template Injection (SSTI) vulnerability in CrafterCMS that can lead to Remote Code Execution (RCE). The README references a PDF for exploitation details and acknowledges prior research that inspired the discovery.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: CrafterCMS

Auth required

Prerequisites: Valid user credentials

MITRE ATT&CK

T1221 - Template Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601

Scores

CVSS v3 6.4

EPSS 0.1452

EPSS Percentile 94.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-913

Status published

Products (2)

craftercms/crafter_cms 3.1.0 - 3.1.23

org.craftercms/crafter-studio 3.1.0 - 3.1.23Maven

Published Sep 13, 2022

Tracked Since Feb 18, 2026