XML External Entity Vulnerability in Crafter CMS by Crafter Software
CVE-2017-15685

8.6 HIGH

Key Information:

Vendor: Craftercms

CVE Published: 27 November 2020

What is CVE-2017-15685?

The XML External Entity (XXE) vulnerability in Crafter Studio 3.0.1 allows unauthenticated attackers to supply specially crafted XML input. Exploitation enables out-of-band retrieval of files from the operating system, potentially exposing sensitive system files. Users of Crafter Studio are strongly advised to evaluate their system's exposure and apply the necessary security patches.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
