Vulnerabilities > Craftercms > Crafter CMS > 3.1.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-02 CVE-2021-23262 Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
network
low complexity
craftercms CWE-913
7.2
7.2
2021-12-02 CVE-2021-23263 Exposure of Resource to Wrong Sphere vulnerability in Craftercms Crafter CMS
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
network
low complexity
craftercms CWE-668
7.5
7.5
2021-12-02 CVE-2021-23264 Exposure of Resource to Wrong Sphere vulnerability in Craftercms Crafter CMS
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
network
low complexity
craftercms CWE-668
critical
 9.1
9.1