CVE-2017-15681
moderate-risk
Published 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
Do I need to act?
~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 7b89f76b0e9287c89a7c0d50c98f58729adfb5b0
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Product
http://crafter.com
Vendor Advisory
https://docs.craftercms.org/en/3.0/security/advisory.html
Product
http://crafter.com
Vendor Advisory
https://docs.craftercms.org/en/3.0/security/advisory.html
42
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
5/34 · Minimal