Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
Published December 2, 2021.
Craftercms Crafter CMS
