CVE-2020-25802

High

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to…

crafter·CWE-913·Published 2020-10-06

CVSS

7.2

EPSS

0.01

KEV

Exploits

cve.orgen

286 chars

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

NVDen

286 chars

OSV.deven

286 chars

GHSAen

286 chars

NVDes

365 chars

Una vulnerabilidad de Control Inapropiado de Recursos de Código Administrado Dinámicamente en Crafter Studio de Crafter CMS, permite a desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de scripting Groovy. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	4.2	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	4.2	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	4.2	0.5	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H