CVE-2022-40634

Summary

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 <= 3.1.22affected

Weaknesses

  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources

ADP Enrichment

CVE Program Container

Additional References

References