Design/Logic Flaw

2020-10-0615:15:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

CPENameOperatorVersion
studioge3.0.0
studiolt3.0.27
studioge3.1.0
studiolt3.1.7

Name	Operator	Version
studio	ge	3.0.0
studio	lt	3.0.27
studio	ge	3.1.0
studio	lt	3.1.7

References

docs.craftercms.org/en/3.1/security/advisory.html