First published: Fri Nov 27 2020
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Craftercms Crafter Cms | >=3.0.0<3.0.1 | |
CVE-2017-15685 is a vulnerability in Crafter CMS Crafter Studio 3.0.1 that allows an unauthenticated attacker to retrieve OS files through specially crafted XML.
XML External Entity (XXE) vulnerability in Crafter CMS Crafter Studio 3.0.1 allows an attacker to create a site with malicious XML, leading to the retrieval of OS files.
CVE-2017-15685 has a severity value of 8.6, indicating a high severity.
Crafter CMS Crafter Studio versions 3.0.0 and 3.0.1 are affected by CVE-2017-15685.
To fix the XML External Entity (XXE) vulnerability in Crafter CMS Crafter Studio 3.0.1, follow the official security advisory provided by CrafterCMS.