Skip to content

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2022-40635

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.