CVE-2020-25803
Published 2020-10-06
CVE-2020-25803: Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands…
Priority P3 · 41 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.11% (61.8th percentile)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crafter_software | crafter_cms | >= 3.0 < 3.0.27 | 3.0.27 |
| crafter_software | crafter_cms | >= 3.1 < 3.1.7 | 3.1.7 |
| craftercms | studio | >= 3.0.0 < 3.0.27 | 3.0.27 |
| craftercms | studio | >= 3.1.0 < 3.1.7 | 3.1.7 |
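CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |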
OSV
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
osv·2022-02-09
CVE-2020-25803 [HIGH] Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
GHSA
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
ghsa·2022-02-09
CVE-2020-25803 [HIGH] CWE-913 Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-10-06