Crafter CMS — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Crafter CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Crafter Software

CVE ID	Title	CVSS	Severity	Paused
CVE-2022-40635	Improper Control of Dynamically-Managed Code Resources in Crafter Studio CWE-913	6.4	Medium	2022-09-13
CVE-2022-40634	Improper Control of Dynamically-Managed Code Resources in Crafter Studio CWE-913	6.4	Medium	2022-09-13
CVE-2021-23267	Improper Control of Dynamically-Managed Code Resources in Crafter Studio CWE-913	7.6	High	2022-05-16
CVE-2021-23266	Improper Output Neutralization for Logs in Crafter Studio CWE-117	4.3	Medium	2022-05-16
CVE-2021-23265	Improper Privilege Management in Crafter Studio CWE-269	3.5	Low	2022-05-16
CVE-2021-23264	Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search CWE-402	8.1	High	2021-12-02
CVE-2021-23262	Snakeyaml deserialization vulnerability bypass CWE-913	4.2	Medium	2021-12-02
CVE-2021-23263	Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine CWE-402	5.9	Medium	2021-12-02
CVE-2021-23261	Overriding the system configuration file causes a denial of service CWE-703	4.5	Medium	2021-12-02
CVE-2021-23259	Groovy Sandbox Bypass CWE-913	4.2	Medium	2021-12-02
CVE-2021-23260	Stored XSS Vulnerability in File Name of the File Upload function CWE-79	6.5	Medium	2021-12-02
CVE-2021-23258	Spring SPEL Expression Language Injection CWE-913	4.2	Medium	2021-12-02
CVE-2020-25803	Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. CWE-913	4.2	Medium	2020-10-06
CVE-2020-25802	Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. CWE-913	4.2	Medium	2020-10-06

All 14 known CVE vulnerabilities affecting Crafter CMS with full Chinese analysis, references, and POCs where available.