logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-27230

Description

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.


Affected Software


CPE Name Name Version
expressionengine:expressionengine expressionengine 6.0.3
expressionengine:expressionengine expressionengine 5.4.2

Related