Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
View Full Alert
Related Posts
CVE-2017-15682 (crafter_cms)In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. View Full Alert
CVE-2017-15680 (crafter_cms)In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. View Full Alert
CVE-2017-15684 (crafter_cms)Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. View Full Alert
