Lucene search
PRIOn knowledge basePRION:CVE-2021-23259HistoryDec 02, 2021 - 4:15 p.m.
Design/Logic Flaw
2021-12-0216:15:00
PRIOn knowledge base
www.prio-n.com
1
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).
| CPE | Name | Operator | Version |
|---|---|---|---|
| crafter_cms | ge | 3.1.0 | |
| crafter_cms | lt | 3.1.12 |
Related
cvelist
cvelist
CVE-2021-23259 Groovy Sandbox Bypass
2021-12-01 00:00:00
cve
cve
CVE-2021-23259
2021-12-02 16:15:07
osv
osv
CVE-2021-23259
2021-12-02 16:15:07
nvd
nvd
CVE-2021-23259
2021-12-02 16:15:07
cnvd
cnvd
Crafter CMS Access Control Error Vulnerability
2021-12-04 00:00:00