RCE Vulnerability in Crafter CMS — Server-Side Template Injection

Attackers may execute OS commands by Creating/Editing a template file (.ftl filetype) which use FreeMarker lib to render webpage.

Affected Version: ≤ 3.0.18 (latest version)

Affected function: Template Edit/Create function

Authentication: Authentication is required to exploit the vulnerability

Reproduce steps:

Step 1: Edit a template file

Step 2: Add code as shown below and OK

Step 3: View web page, Window OS command was executed (Testing on windows)

Done!

Reference: https://github.com/craftercms/craftercms/issues/2677