Known Vulnerabilities for Crafter Cms by Craftercms
Listed below are 10 of the newest known vulnerabilities associated with "Crafter Cms" by "Craftercms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26020 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux... | 7.2 - HIGH | 2023-02-17 | 2023-11-07 |
| CVE-2022-40635 json | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated de... | 7.2 - HIGH | 2022-09-13 | 2022-09-16 |
| CVE-2022-40634 json | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated de... | 7.2 - HIGH | 2022-09-13 | 2022-09-16 |
| CVE-2021-23267 json | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated de... | 8.8 - HIGH | 2022-05-16 | 2022-05-25 |
| CVE-2021-23266 json | An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages ... | 4.3 - MEDIUM | 2022-05-16 | 2022-05-25 |
| CVE-2021-23265 json | A logged-in and authenticated user with a Reviewer Role may lock a content item. | 4.3 - MEDIUM | 2022-05-16 | 2022-08-30 |
| CVE-2021-23264 json | Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete sear... | 9.1 - CRITICAL | 2021-12-02 | 2021-12-04 |
| CVE-2021-23263 json | Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of... | 7.5 - HIGH | 2021-12-02 | 2022-08-30 |
| CVE-2021-23262 json | Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. | 7.2 - HIGH | 2021-12-02 | 2021-12-03 |
| CVE-2021-23261 json | Authenticated administrators may override the system configuration file and cause a denial of service. | 4.9 - MEDIUM | 2021-12-02 | 2021-12-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Craftercms | Crafter Cms | 3.1.3 | |||
| Application | Craftercms | Crafter Cms | 3.1.2 | |||
| Application | Craftercms | Crafter Cms | 3.1.1 | |||
| Application | Craftercms | Crafter Cms | 3.1.0 | |||
| Application | Craftercms | Crafter Cms | 3.0.9 | |||
| Application | Craftercms | Crafter Cms | 3.0.8 | |||
| Application | Craftercms | Crafter Cms | 3.0.7 | |||
| Application | Craftercms | Crafter Cms | 3.0.6 | |||
| Application | Craftercms | Crafter Cms | 3.0.5 | |||
| Application | Craftercms | Crafter Cms | 3.0.4 | |||
| Application | Craftercms | Crafter Cms | 3.0.3 | |||
| Application | Craftercms | Crafter Cms | 3.0.26 | |||
| Application | Craftercms | Crafter Cms | 3.0.25 | |||
| Application | Craftercms | Crafter Cms | 3.0.24 | |||
| Application | Craftercms | Crafter Cms | 3.0.23 | |||
| Application | Craftercms | Crafter Cms | 3.0.22 | |||
| Application | Craftercms | Crafter Cms | 3.0.21 | |||
| Application | Craftercms | Crafter Cms | 3.0.20 | |||
| Application | Craftercms | Crafter Cms | 3.0.2 | |||
| Application | Craftercms | Crafter Cms | 3.0.19 |