4 matches found
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotelyRCE...
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotelyRCE...
CVE-2021-23259 Groovy Sandbox Bypass
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotelyRCE...
CVE-2021-23259
Crafter CMS vulnerability CVE-2021-23259 allows authenticated users with Administrator or Developer roles to execute OS commands via a Groovy Script that renders pages. The root cause is Groovy script execution without security restrictions, enabling remote command execution (RCE). This is descri...