Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI

Summary Missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. Post-authentication, ALLOWADMINCHANGES=true Details Note: This is a sequel to CVE-2023-40035 In src/helpers/FileHelper.phpL106-L137, the function absolutePath...

GHSA-F3CW-HG6R-CHFV Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI

Summary Missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. Post-authentication, ALLOWADMINCHANGES=true Details Note: This is a sequel to CVE-2023-40035 In src/helpers/FileHelper.phpL106-L137, the function absolutePath...

GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...

Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary Unrestricted file extension lead to a potential Remote Code Execution Authenticated, ALLOWADMINCHANGES=true Details Vulnerability Cause : If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

GHSA-VQXF-R9PH-CC9C Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary Unrestricted file extension lead to a potential Remote Code Execution Authenticated, ALLOWADMINCHANGES=true Details Vulnerability Cause : If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

Comments plugin stored Cross-site Scripting (XSS) via an asset volume name

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...

CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...

CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...

Cross site scripting

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...

CVE-2020-13870

CVE-2020-13870 affects the Craft CMS Comments plugin prior to 1.5.5, with a stored XSS flaw via an asset volume name. Root cause: lack of input validation leading to stored XSS. Impact is dependent on affected Craft CMS deployments; remediation is to upgrade the Comments plugin to 1.5.5 or later....

CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...