CVE-2022-40634

MEDIUM

Crafter Studio - Command Injection

Title source: llm

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-40634

References (1)

Scores

CVSS v3 6.4
EPSS 0.1452
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-913
Status published
Products (2)
craftercms/crafter_cms 3.1.0 - 3.1.23
org.craftercms/crafter-studio 3.1.0 - 3.1.23Maven
Published Sep 13, 2022
Tracked Since Feb 18, 2026