Apache · Freemarker · CVE-2018-19907
**Name of the Vulnerable Software and Affected Versions**
Crafter CMS version 3.0.18
**Description**
A Server-Side Template Injection issue allows attackers with developer privileges to execute OS commands by creating or editing a template file (.ftl filetype) that triggers a call to `freemarker.template.utility.Execute` in the FreeMarker library during rendering of a web page.
**Recommendations**
For Crafter CMS version 3.0.18, consider restricting access to template file creation and editing to prevent potential exploitation until a patch is available. As a temporary workaround, consider disabling the use of the FreeMarker library or restricting its functionality to minimize the risk of OS command execution.
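One way to restrict FreeMarker's functionality as recommended above, shown as an added example that is not code from Crafter CMS or from the advisory: FreeMarker's `TemplateClassResolver.SAFER_RESOLVER` refuses to hand `freemarker.template.utility.Execute` to templates, while the default resolver allows it. The class name `FreemarkerResolverCheck`, the `VERSION_2_3_23` compatibility level and the sample template are assumptions, and how Crafter CMS exposes its FreeMarker `Configuration` is not covered here.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

import java.io.StringWriter;
import java.util.Collections;

public class FreemarkerResolverCheck {
    // Class named in the advisory description.
    static final String EXECUTE = "freemarker.template.utility.Execute";

    /** Configuration whose class resolver rejects Execute for templates. */
    static Configuration hardened() {
        // Assumed compatibility level; use the one matching your FreeMarker jar.
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        return cfg;
    }

    /** True if the resolver would make the named class available to a template. */
    static boolean allows(TemplateClassResolver resolver, String className) {
        try {
            resolver.resolve(className, null, null);
            return true;
        } catch (TemplateException e) {
            return false; // resolver refused the class
        }
    }

    public static void main(String[] args) throws Exception {
        // Weak setting: a Configuration left on its default resolver.
        Configuration weak = new Configuration(Configuration.VERSION_2_3_23);
        Configuration safe = hardened();

        System.out.println("default allows Execute:  "
                + allows(weak.getNewBuiltinClassResolver(), EXECUTE));
        System.out.println("hardened allows Execute: "
                + allows(safe.getNewBuiltinClassResolver(), EXECUTE));

        // Constructed benign template: ordinary rendering is unaffected.
        Template t = new Template("greeting", "Hello ${user}", safe);
        StringWriter out = new StringWriter();
        t.process(Collections.singletonMap("user", "editor"), out);
        System.out.println(out);
    }
}
```

Running the same `allows` check against the `Configuration` an application actually uses confirms whether the restriction is in effect.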