Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/* (non-binary).
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Crafter_cms | Craftercms | 3.1.0 (including) | 3.1.15 (excluding) |