CVE-2017-15683
First published: Fri Nov 27 2020(Updated: )
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Craftercms Crafter Cms | >=3.0.0<3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-15683?
CVE-2017-15683 is a vulnerability in Crafter CMS Crafter Studio 3.0.1 that allows an unauthenticated attacker to create a site with specially crafted XML, enabling the retrieval of OS files out-of-band.
What software versions are affected by CVE-2017-15683?
CVE-2017-15683 affects Crafter CMS Crafter Studio versions 3.0.0 to 3.0.1.
What is the severity of CVE-2017-15683?
CVE-2017-15683 has a severity rating of 8.6 (high).
How can an unauthenticated attacker exploit CVE-2017-15683?
An unauthenticated attacker can exploit CVE-2017-15683 by creating a site with specifically crafted XML that allows retrieval of OS files out-of-band.
How can I fix CVE-2017-15683?
To fix CVE-2017-15683, upgrade Crafter CMS Crafter Studio to a version higher than 3.0.1.
- collector/nvd-index
- vendor/craftercms
- canonical/craftercms crafter cms
- version/craftercms crafter cms/3.0.0