Lucene search
K

25 matches found

Veracode
Veracode
added 2026/02/09 8:35 a.m.10 views

Remote Code Execution (RCE)

Crafter CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.7 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 6:31 p.m.6 views

GHSA-GJ28-GW7W-3PXC Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/02 6:31 p.m.10 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/02 4:16 p.m.10 views

EUVD-2026-5112

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 4:16 p.m.5 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/02 4:16 p.m.28 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.16 views

PT-2026-5681

Name of the Vulnerable Software and Affected Versions Crafter CMS versions affected versions not specified Description An issue exists in Crafter Studio of Crafter CMS that allows authenticated developers to execute operating system commands. This is due to a bypass of the Groovy Sandbox...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References8
Veracode
Veracode
added 2025/06/25 5:37 a.m.7 views

Remote Code Execution (RCE)

CrafterCMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically-managed code resources due to a Groovy Sandbox bypass that allows authenticated developers to execute OS commands...

9.1CVSS7.7AI score0.00852EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/06/19 8:57 p.m.30 views

CVE-2025-6384

CrafterCMS Crafter Studio is affected by CVE-2025-6384 (versions 4.0.0–4.2.2). The issue is an Improper Control of Dynamically-Managed Code Resources that allows authenticated developers to bypass the Groovy sandbox, enabling remote code execution (RCE) by injecting malicious Groovy elements. The...

9.1CVSS7.1AI score0.00852EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/19 8:57 p.m.5 views

CVE-2025-6384 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...

7.3CVSS7AI score0.00852EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/19 8:57 p.m.14 views

CVE-2025-6384 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00852EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.6 views

CrafterCMS 安全漏洞

CrafterCMS is a Java-based CMS from CrafterCMS, Inc. A security vulnerability exists in CrafterCMS versions 4.0.0 through 4.2.2 that stems from a Groovy sandbox bypass resulting in OS commands that can be executed by certified developers...

9.1CVSS6.8AI score0.00852EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.9 views

PT-2025-26243

Name of the Vulnerable Software and Affected Versions CrafterCMS versions 4.0.0 through 4.2.2 Description An issue exists in Crafter Studio of CrafterCMS that allows authenticated developers to execute operating system commands. This is due to improper control of dynamically-managed code resource...

9.1CVSS7.3AI score0.00852EPSS
Exploits1References13
OSV
OSV
added 2022/09/14 12:0 a.m.20 views

GHSA-J6X3-3JQQ-M922 CrafterCMS OS Command Injection vulnerability

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

7.2CVSS7.2AI score0.01221EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/14 12:0 a.m.27 views

CrafterCMS OS Command Injection vulnerability

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

7.2CVSS7.2AI score0.01221EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/09/13 7:15 p.m.34 views

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

7.2CVSS0.01221EPSS
Exploits0References1
OSV
OSV
added 2022/09/13 7:15 p.m.20 views

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

7.2CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2022/09/13 7:15 p.m.18 views

Design/Logic Flaw

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

5.8CVSS7.1AI score0.01221EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/13 6:25 p.m.59 views

CVE-2022-40635

The CVE-2022-40635 entry describes an issue in Crafter CMS Crafter Studio titled “Improper Control of Dynamically-Managed Code Resources.” The connected advisories (e.g., GitHub GHSA-J6X3-3JQQ-M922 and OSV) reiterate that authenticated developers can execute operating system commands via a Groovy...

7.2CVSS6.8AI score0.01221EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder