CVE-2022-40635
MEDIUM
Crafter Studio - Command Injection
Title source: llm
Description
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Exploits (1)
Scores
CVSS v3
6.4
EPSS
0.1299
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-913
Status
published
Products (2)
craftercms/crafter_cms
3.1.0 - 3.1.23
org.craftercms/craftercms
3.1.0 - 3.1.23 (Maven)
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026