5 matches found
CVE-2026-31858
Craft is a content management system (CMS). The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...
Craft CMS Security Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from a lack of resource-based authorization verification, which could allow unauthorized access to private asset...
Unsafe Reflection
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Unsafe Reflection via the set and get methods in the Behavior class. An administrator can execute arbitrary code on the server by submitting a JSON payload that attaches a maliciousBehavior...
Craft CMS Security Vulnerability
Craft CMS is an open-source content management system (CMS) from Craft CMS. A security vulnerability exists in Craft CMS versions prior to 4.14.13 and prior to 5.6.16, which stems from a Twig SSTI that could lead to remote code execution...
Craft CMS Path Traversal Vulnerability
Craft CMS is an open-source content management system (CMS) by Craft CMS. A path traversal vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.12.1 and 5.0.0-RC1 through 5.4.2, which stems from the lack of normalizePath in the FileHelper::absolutePath function, and can lead to remote code...