Updated On 4.1.1

Security Advisories

CV-2023080301

Date	2023.08.03
Affected Versions	4.0 <= 4.0.2, 3.1 =< 3.1.27
Vulnerability Type	CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Risk	High
Description	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.
CVE	https://www.cve.org/cverecord?id=CVE-2023-4136
Credit	Discovered by Egidio Romano <egidio.romano@mindedsecurity.com>, working with IMQ Minded Security

CV-2023021701

Date	2023.02.17
Affected Versions	4.0 <= 4.0.1, 3.1 =< 3.1.26
Vulnerability Type	CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Risk	Medium
Description	Authenticated administrators can perform a SQL Injection attack against the authoring database that holds Studio users, groups, and item workflow states.
CVE	https://www.cve.org/CVERecord?id=CVE-2023-26020
Credit	Gil Correia, gil.correia@devoteam.com

CV-2022091302

Date	2022.09.13
Affected Versions	3.1 < 3.1.23
Vulnerability Type	CWE-913 Improper Control of Dynamically-Managed Code Resources
Risk	Medium
Description	Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
CVE	https://www.cve.org/CVERecord?id=CVE-2022-40635
Credit	Matei “Mal” Badanoiu, https://github.com/mbadanoiu

CV-2022091301

Date	2022.09.13
Affected Versions	3.1 < 3.1.23
Vulnerability Type	CWE-913 Improper Control of Dynamically-Managed Code Resources
Risk	Medium
Description	Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
CVE	https://www.cve.org/CVERecord?id=CVE-2022-40634
Credit	Matei “Mal” Badanoiu, https://github.com/mbadanoiu

CV-2022051603

Date	2022.05.16
Affected Versions	3.1 < 3.1.18
Vulnerability Type	CWE-913 Improper Control of Dynamically-Managed Code Resources
Risk	High
Description	Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23267
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2022051602

Date	2022.05.16
Affected Versions	3.1 < 3.1.18
Vulnerability Type	CWE-117 Improper Output Neutralization for Logs
Risk	Medium
Description	An anonymous user can craft a URL with text that ends up in the log viewer as is.The text can then include textual messages to mislead the administrator.
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23266
Credit	Faizan Wani, https://github.com/faizanw8

CV-2022051601

Date	2022.05.16
Affected Versions	3.1 < 3.1.18
Vulnerability Type	CWE-269 Improper Privilege Management
Risk	Low
Description	A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23265
Credit	Faizan Wani, https://github.com/faizanw8

CV-2021120101

Date	2021.12.01
Affected Versions	3.1 < 3.1.12
Vulnerability Type	CWE-913: Improper Control of Dynamically-Managed Code Resources
Risk	Medium
Description	Spring SPEL Expression Language Injection
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23258
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2021120102

Date	2021.12.01
Affected Versions	3.1 < 3.1.12
Vulnerability Type	CWE-913: Improper Control of Dynamically-Managed Code Resources
Risk	Medium
Description	Groovy Sandbox Bypass
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23259
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2021120103

Date	2021.12.01
Affected Versions	3.1 < 3.1.12
Vulnerability Type	CWE-79: Improper Neutralization of Input During Web Page Generation(‘Cross-site Scripting’)
Risk	Medium
Description	Stored XSS Vulnerability in File Name of the File Upload function
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23260
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2021120104

Date	2021.12.01
Affected Versions	3.1 < 3.1.13
Vulnerability Type	CWE-703 Improper Check or Handling of Exceptional Conditions
Risk	Medium
Description	Overriding the system configuration file causes a denial of service
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23261
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2021120105

Date	2021.12.01
Affected Versions	3.1 < 3.1.13
Vulnerability Type	CWE-913 Improper Control of Dynamically-Managed Code Resources
Risk	Medium
Description	Snakeyaml deserialization vulnerability bypass
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23262
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2021120106

Date	2021.12.01
Affected Versions	3.1 < 3.1.15
Vulnerability Type	CWE-402: Transmission of Private Resources into a New Sphere (‘Resource Leak’)
Risk	Medium
Description	Transmission of Private Resources into a New Sphere (‘Resource Leak’) in CrafterEngine
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23263
Credit	Carlos Ortiz, https://github.com/cortiz

CV-2021120107

Date	2021.12.01
Affected Versions	3.1 < 3.1.15
Vulnerability Type	CWE-402: Transmission of Private Resources into a New Sphere (‘Resource Leak’) CWE-668 Exposure of Resource to Wrong Sphere
Risk	High
Description	Transmission of Private Resources into a New Sphere (‘Resource Leak’) and Exposureof Resource to Wrong Sphere in Crafter Search
CVE	https://www.cve.org/CVERecord?id=CVE-2021-23264
Credit	Sparsh Kulshrestha, https://github.com/sparshkulshrestha

CV-2020080101

Date	2020.08.01
Affected Versions	3.0 < 3.0.27 3.1 < 3.1.7
Vulnerability Type	RCE
Risk	Medium
Description	Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.
CVE	https://www.cve.org/CVERecord?id=CVE-2020-25802
Credit	Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

CV-2020080102

Date	2020.08.01
Affected Versions	3.0 < 3.0.27 3.1 < 3.1.7
Vulnerability Type	RCE
Risk	Medium
Description	Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.
CVE	https://www.cve.org/CVERecord?id=CVE-2020-25803
Credit	Alvaro Muñoz (GitHub), https://github.com/pwntester

CV-2018120601

Date	2018.12.06
Affected Versions	3.0 < 3.0.19
Vulnerability Type	RCE
Risk	Medium
Description	Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via FreeMarker templates.
CVE	https://nvd.nist.gov/vuln/detail/CVE-2018-19907
Credit	Buxu, https://github.com/buxu

CV-2017061501

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	IDOR
Risk	High
Description	An IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15680
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061502

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	Directory Traversal
Risk	Critical
Description	A directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15681
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061503

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	Stored XSS
Risk	High
Description	An unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15682
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061504

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	XXE
Risk	High
Description	An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15683
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061505

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	Directory Traversal
Risk	High
Description	A directory traversal vulnerability exists which allows unauthenticated attackers to view files from the operating system.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15684
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061506

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	XXE
Risk	High
Description	An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15685
Credit	Jasmin Landry, https://github.com/JR0ch17

CV-2017061507

Date	2017.06.15
Affected Versions	3.0 < 3.0.1
Vulnerability Type	Reflected XSS
Risk	Medium
Description	A reflected XSS vulnerability exists which allows remote attackers to steal users’ cookies resulting in them hijacking their session.
CVE	https://www.cve.org/CVERecord?id=CVE-2017-15686
Credit	Jasmin Landry, https://github.com/JR0ch17