Lucene search

CrafterCVELIST:CVE-2023-26020

HistoryFeb 17, 2023 - 5:24 p.m.

CVE-2023-26020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio

2023-02-1717:24:45

CWE-89

crafter

www.cve.org

cve-2023-26020

sql injection

crafter studio

linux

macos

windows

x86

arm

64 bit

craftercms

v4.0

v3.1

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

32.3%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Studio",
    "platforms": [
      "Linux",
      "MacOS",
      "Windows",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "CrafterCMS",
    "vendor": "CrafterCMS",
    "versions": [
      {
        "lessThanOrEqual": "4.0.1",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "3.1.26",
        "status": "affected",
        "version": "3.1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVELIST:CVE-2023-26020