Vulnerability Database

289,496

Total vulnerabilities in the database

CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
craftercms / crafter_cms 3.1.0 3.1.23
org.craftercms / craftercms 3.1.0 3.1.23