RCE Vulnerability in Crafter CMS — Server-Side Template Injection
Attackers may execute OS commands by Creating/Editing a template file (.ftl filetype) which use FreeMarker lib to render webpage.
Affected Version: ≤ 3.0.18 (latest version)
Affected function: Template Edit/Create function
Authentication: Authentication is required to exploit the vulnerability
Reproduce steps:
Step 1: Edit a template file
Step 2: Add code as shown below and OK
Step 3: View web page, Window OS command was executed (Testing on windows)
Done!
Reference: https://github.com/craftercms/craftercms/issues/2677