CVE-2022-40635 PoC — Crafter CMS 安全漏洞

Source

https://github.com/mbadanoiu/CVE-2022-40635

Associated Vulnerability

Title:Crafter CMS 安全漏洞 (CVE-2022-40635)
Description:Crafter CMS是一套面向数字体验应用程序的开源内容管理系统（CMS）。 Crafter CMS Crafter Studio 3.1.23 之前版本存在安全漏洞，该漏洞源于的动态管理代码资源控制不当，允许经过身份验证的开发人员通过 Groovy Sandbox Bypass执行操作系统命令。

Description

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Readme

# CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022091302).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-40635/blob/main/CrafterCMS%20-%20CVE-2022-40635.pdf).

File Snapshot


 [4.0K]  /data/pocs/72e56bacc9503bac1852773e9a8d9402eb108871
├── [1.8M]  CrafterCMS - CVE-2022-40635.pdf
└── [ 678]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!