PT-2020-8130 · Crafter Cms · Crafter Studio

Published

2020-11-27

Updated

2022-02-09

CVE-2017-15685

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Crafter CMS Crafter Studio version 3.0.1

Description: The issue allows an unauthenticated attacker to create a site with specially crafted XML, enabling the retrieval of OS files out-of-band due to an XML External Entity (XXE) issue.

Recommendations: For Crafter CMS Crafter Studio version 3.0.1, consider disabling the XML parsing functionality until a patch is available to prevent exploitation of the XXE issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2017-15685

GHSA-5HR6-VC97-QXXH

Affected Products

Crafter Studio

PT-2020-8130 · Crafter Cms · Crafter Studio

CVE-2017-15685

Weakness Enumeration

Related Identifiers

Affected Products

References · 8