Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
References
Link | Resource |
---|---|
https://docs.craftercms.org/en/3.0/security/advisory.html | Vendor Advisory |
http://crafter.com | Product |
Configurations
Information
Published : 2020-11-27 10:15
Updated : 2020-11-28 14:53
NVD link : CVE-2017-15685
Mitre link : CVE-2017-15685
JSON object : View
CWE
CWE-91
XML Injection (aka Blind XPath Injection)
Products Affected
craftercms
- crafter_cms