CVE-2017-15680
published 2020-11-27CVE-2017-15680: In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
PriorityP336medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.74%
50.1th percentile
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftercms | crafter_cms | >= 3.0 < 3.0.1 | 3.0.1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Missing Authorization in Crafter CMS
osv·2022-05-24
CVE-2017-15680 [MEDIUM] Missing Authorization in Crafter CMS
Missing Authorization in Crafter CMS
In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
GHSA
Missing Authorization in Crafter CMS
ghsa·2022-05-24
CVE-2017-15680 [MEDIUM] CWE-862 Missing Authorization in Crafter CMS
Missing Authorization in Crafter CMS
In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-11-27
Published