Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-40635 PoC — Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Source
https://github.com/mbadanoiu/CVE-2022-40635
Associated Vulnerability
Title:Improper Control of Dynamically-Managed Code Resources in Crafter Studio (CVE-2022-40635)
Description:Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Description
CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS
Readme
# CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022091302).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-40635/blob/main/CrafterCMS%20-%20CVE-2022-40635.pdf).
File Snapshot

 [4.0K]  /data/pocs/72e56bacc9503bac1852773e9a8d9402eb108871
├── [1.8M]  CrafterCMS - CVE-2022-40635.pdf
└── [ 678]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →