A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.
References
Configurations
History
21 Nov 2024, 03:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/craftercms/craftercms/issues/2677 - Exploit, Third Party Advisory | |
References | () https://medium.com/%40buxuqua/rce-vulnerability-in-crafter-cms-server-side-template-injection-19d8708ce242 - |
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-12-06 07:29
Updated : 2024-11-21 03:58
NVD link : CVE-2018-19907
Mitre link : CVE-2018-19907
CVE.ORG link : CVE-2018-19907
JSON object : View
Products Affected
craftercms
- crafter_cms
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')