CVE-2021-23259

Summary

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 < 3.1.12affected

Weaknesses

  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources

ADP Enrichment

CVE Program Container

Additional References

References