2 matches found
CVE-2020-25803
Crafter CMS Crafter Studio is affected by an SSTI/SSRF-like flaw in FreeMarker exposed objects that allows an authenticated developer to execute OS commands, potentially achieving RCE. The publicly documented impact indicates that Crafter CMS 3.0.x before 3.0.27 and 3.1.x before 3.1.7 are vulnera...
CVE-2020-25802
The vulnerability CVE-2020-25802 affects Crafter CMS Crafter Studio and allows authenticated developers to execute OS commands through Groovy scripting due to improper control of dynamically-managed code resources. Based on the connected advisory, affected versions are Crafter CMS 3.0 prior to 3....