CVE-2017-15683

CVSS v3.1 8.6 (High)

CVSS v2.0 5 (Medium)

EPSS 0.18 % (55^th)

Affected Products 1

Advisories 1

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

Weaknesses

CWE-91: XML Injection (aka Blind XPath Injection)

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-11-27 18:15:11
(3 years ago)
Updated Date: 2020-11-28 22:47:24
(3 years ago)

Affected Products

Craftercms

Crafter Cms

Configuration #1

		CPE23	From	Up To
	Craftercms Crafter Cms from 3.0.0 version and prior 3.0.1 version	cpe:2.3:a:craftercms:crafter_cms	>= 3.0.0	< 3.0.1