CVE-2022-40634 PoC — Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Source

Associated Vulnerability

Description

CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS

Readme

# CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS

By inserting malicious content in a FTL template, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution).

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022091301).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-40634/blob/main/CrafterCMS%20-%20CVE-2022-40634.pdf).

### Additional Resources:

Initial [vulnerability (CVE-2020-25803)](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102) and [blogpost](https://securitylab.github.com/advisories/GHSL-2020-042-crafter_cms/) by [Alvaro "pwntester" Munoz](https://github.com/pwntester) that inspired the SSTI research and finding of this vulnerability.

File Snapshot

 [4.0K]  /data/pocs/b0ed6d9fc9f15c6598cea0a4dbd3c05c1214ded7
├── [2.0M]  CrafterCMS - CVE-2022-40634.pdf
└── [1.1K]  README.md

0 directories, 2 files

Remarks