An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator’s session).
CPE | Name | Operator | Version |
---|---|---|---|
cms | eq | 1.0.0-alpha.2236 | |
cms | eq | 1.4.0-alpha.2493 | |
cms | eq | 3.0.0-beta.5 | |
cms | eq | 3.3.19 | |
cms | eq | 2.6.2778 | |
cms | eq | 0.9.2136 | |
cms | eq | 3.5.13.2 | |
cms | eq | 3.4.0-RC2 | |
cms | eq | 3.0.0-beta.7 | |
cms | eq | 3.2.0-RC2 |