Lucene search
K

211 matches found

Veracode
Veracode
added 2026/03/14 5:23 a.m.5 views

SQL Injection

craftcms/commerce is vulnerable to SQL Injection. The vulnerability is due to lack of validation and sanitization of sort parameters in the addOrderBy clause, which allows an attacker to inject arbitrary SQL queries and potentially compromise the database...

8.8CVSS6AI score0.00436EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/11 5:35 p.m.28 views

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.7CVSS0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 5:35 p.m.16 views

CVE-2026-31858

CraftCMS is affected by a blind SQL injection in ElementSearchController::actionSearch(), where unset() protection added to ElementIndexesController in CVE-2026-25495 was not applied. This allows any authenticated control panel user to inject arbitrary SQL via criteria[where], criteria[orderBy], ...

8.8CVSS6AI score0.0035EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/11 5:35 p.m.5 views

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.7CVSS6AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/11 5:30 p.m.29 views

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS0.00665EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 5:30 p.m.11 views

CVE-2026-31857

CVE-2026-31857 (CraftCMS) : A Remote Code Execution vulnerability exists in Craft CMS before versions 5.9.9 and 4.17.4 in the control panel via the BaseElementSelectConditionRule::getElementIds() path. User-controlled input is passed to renderObjectTemplate() (unsandboxed Twig with escaping disab...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 5:30 p.m.2 views

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 5:30 p.m.4 views

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS6AI score0.00665EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 2:56 p.m.6 views

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of user group names on the user permissions page. An attacker can execute arbitrary JavaScript code in the context of another user's browser...

4.8CVSS5.9AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 2:56 p.m.4 views

EUVD-2026-11257

CraftCMS has an RCE vulnerability via relational conditionals in the control panel...

9.3CVSS5.8AI score0.00665EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/11 2:56 p.m.7 views

CraftCMS has an RCE vulnerability via relational conditionals in the control panel

A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/11 12:27 a.m.5 views

GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/11 12:27 a.m.6 views

EUVD-2026-11259

CraftCMS's ElementSearchController Affected by Blind SQL Injection...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/11 12:27 a.m.5 views

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.8CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/11 12:26 a.m.3 views

EUVD-2026-11261

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization...

6.9CVSS5.8AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 12:26 a.m.6 views

GHSA-FVWQ-45QV-XVHV CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization

Summary The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes. Payloads like...

6.9CVSS5.9AI score0.00185EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 12:26 a.m.5 views

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

6.9CVSS6AI score0.00185EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 6:24 p.m.2 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of order details in the slideout interface when user-supplied input is rendered without proper sanitization in fields such as Shipping Method Name, Order...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References2
Veracode
Veracode
added 2026/03/07 5:17 a.m.6 views

Server-Side Template Injection

craftcms/cms is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of Twig input using the map filter in certain fields, which allows an attacker with sufficient access to craft malicious payloads and execute arbitrary code on the server...

8.6CVSS6.2AI score0.00514EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/03 9:6 p.m.10 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the map filter in Twig templates when processing text fields that accept Twig input in the control panel settings or through the System Messages utility. An attacker ca...

8.6CVSS6.1AI score0.00514EPSS
Exploits0References2
Rows per page
Query Builder