mbadanoiu / CVE-2022-40635

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

0-day authenticated bypass cve cves groovy remote-code-execution cve-2022-40635

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

0-day authenticated bypass cve cves groovy remote-code-execution cve-2022-40635