PT-2021-5585 · Unknown · Crafter Cms

Sparsh Kulshrestha

Published

2021-12-01

Updated

2021-12-16

CVE-2021-23264

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Crafter CMS (affected versions not specified)

Description The issue is related to security configuration errors in Crafter CMS. It allows remote attackers to create, view, and delete search indexes if crafter-search is not protected. This can be exploited by unauthenticated remote attackers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-402CWE-668

Related Identifiers

BDU:2022-00015

CVE-2021-23264

GHSA-2WR2-8QJQ-GH55

Affected Products

Crafter Cms

PT-2021-5585 · Unknown · Crafter Cms

CVE-2021-23264

Weakness Enumeration

Related Identifiers

Affected Products

References · 8