2 matches found
CVE-2021-23262 Snakeyaml deserialization vulnerability bypass
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE...
CVE-2021-23262
The CVE-2021-23262 issue pertains to Crafter CMS. Authentication is required for the attacker to modify the main YAML configuration file and load a Java class, leading to remote code execution. Multiple sources describe this vulnerability as affecting Crafter CMS and enabling an RCE when authenti...