Craftercms: community verdicts
6 notable / known-exploited Craftercms CVEs the community has triaged.
- CVE-2017-15681CRIT 9.8Real · low riskEPSS 2%
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
- CVE-2017-15684HIGH 7.5Real · low riskEPSS 2%
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
- CVE-2017-15685HIGH 8.6Real · low riskEPSS 2%
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
- CVE-2017-15683HIGH 8.6Real · low riskEPSS 2%
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
- CVE-2017-15680MED 6.5EPSS 1%
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
- CVE-2017-15682MED 6.1EPSS 1%
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.