CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
CrafterCMS - CVE-2022-40635.pdf		CrafterCMS - CVE-2022-40635.pdf
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Uh oh!

mbadanoiu/CVE-2022-40635

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks