Lucene search

7 matches found

RedhatCVE
added 2026/03/05 7:30 p.m. | 2 views

CVE-2026-28781

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVSS: 7.1 | AI score: 6 | EPSS: 0.0005
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/04 4:31 p.m. | 1 views

CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVSS: 7.1 | AI score: 6 | EPSS: 0.0005
Exploits: 1 | References: 3
Github Security Blog
added 2026/03/03 9:0 p.m. | 5 views

Craft CMS: Entries Authorship Spoofing via Mass Assignment

Description: The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...

CVSS: 7.1 | AI score: 6 | EPSS: 0.0005
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2008/12/30 8:30 p.m. | 6 views

CVE-2008-5767

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.00485
Exploits: 1 | References: 4
Prion
added 2008/12/30 8:30 p.m. | 10 views

SQL injection

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.00485
Exploits: 1 | References: 4
CVE
added 2008/12/30 8:0 p.m. | 32 views

CVE-2008-5767

CVE-2008-5767 describes an SQL injection in the authors.asp page of the gNews Publisher, exploitable via the authorID parameter. The underlying issue is improper input handling allowing remote attackers to manipulate SQL queries. The NVD records a CVSSv2 base score of 7.5 (HIGH) with network atta...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.00485
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2008/12/30 8:0 p.m. | 13 views

CVE-2008-5767

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter...

AI score: 8.4 | EPSS: 0.00485
Exploits: 1 | References: 4