Craft Commerce hasVariant/hasProduct Blind SQL Injection
Overview: Craft Commerce's ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the unset blocklist added to ElementIndexesController in GHSA-2453-mppf-46cj. The blocklist only strips top-level Yii2 Query properties (where, orderBy, etc.), but hasVariant and hasProduct pass throug...
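To make the failure mode concrete, here is an added example (not Craft's or Craft Commerce's code) of the general pattern the advisory describes: a blocklist that unsets dangerous query properties only at the top level of a criteria array, a nested criteria array that slips past it, and a recursive variant of the same check. All function names, the constant and the request array are hypothetical constructions for illustration; the only thing taken from the advisory is that `where` and `orderBy` are stripped at the top level and not underneath a relation property.

```php
<?php
// Added example, not Craft's code. Everything here is a hypothetical stand-in
// for the pattern described in the advisory: top-level query properties are
// unset, nested ones under a relation key are passed through untouched.

const BLOCKED_QUERY_PROPERTIES = ['where', 'orderBy', 'select', 'join', 'groupBy', 'having', 'params'];

/** Mirrors a blocklist that only looks at the top level of the criteria array. */
function sanitizeTopLevel(array $criteria): array
{
    foreach (BLOCKED_QUERY_PROPERTIES as $prop) {
        unset($criteria[$prop]);
    }
    return $criteria;
}

/** Hardened variant: apply the same blocklist to every nested criteria array. */
function sanitizeRecursive(array $criteria): array
{
    foreach ($criteria as $key => $value) {
        if (in_array($key, BLOCKED_QUERY_PROPERTIES, true)) {
            unset($criteria[$key]);
        } elseif (is_array($value)) {
            $criteria[$key] = sanitizeRecursive($value);
        }
    }
    return $criteria;
}

/** Lists every blocked property still present, with its dotted path, for inspection. */
function findBlockedProperties(array $criteria, string $path = ''): array
{
    $found = [];
    foreach ($criteria as $key => $value) {
        $here = $path === '' ? (string)$key : "$path.$key";
        if (in_array($key, BLOCKED_QUERY_PROPERTIES, true)) {
            $found[] = $here;
        }
        if (is_array($value)) {
            $found = array_merge($found, findBlockedProperties($value, $here));
        }
    }
    return $found;
}

// Constructed request criteria: a top-level `where` (stripped by the blocklist)
// and a `where`/`orderBy` nested under a relation property (not stripped).
$request = [
    'status'     => 'live',
    'where'      => ['<attacker-controlled SQL fragment>'],
    'hasVariant' => [
        'where'   => ['<attacker-controlled SQL fragment>'],
        'orderBy' => ['price' => SORT_DESC],
    ],
];

print_r(findBlockedProperties(sanitizeTopLevel($request)));  // hasVariant.where, hasVariant.orderBy
print_r(findBlockedProperties(sanitizeRecursive($request))); // empty array
```

The recursive version closes the specific gap shown, but it is still a blocklist: any relation property that accepts raw query fragments under a key not on the list reopens it. The check a practitioner should prefer is an allowlist of criteria keys that user input may set, applied at every nesting level.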
Craft CMS has an authorization bypass which allows any control panel user to move entries without permissions
Summary: An authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either source or destination section. Details: Root-cause analysis 1. actionMoveToSection...
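The following is an added example (not Craft CMS's code) of the authorization check the advisory says is missing: a move action that gates only on accessCp next to one that also requires saveEntries on both the source and the destination section. The class, the function names and the permission-lookup helper are hypothetical stand-ins; the permission strings accessCp and saveEntries:<sectionUid> are the ones the advisory names.

```php
<?php
// Added example, not Craft's code. The permission names come from the
// advisory; everything else is a hypothetical stand-in for a controller action.

final class Forbidden extends RuntimeException {}

/** Constructed stand-in for a user-permission lookup. */
function userCan(array $userPermissions, string $permission): bool
{
    return in_array($permission, $userPermissions, true);
}

/** Vulnerable pattern: only the control-panel gate is checked; section UIDs are ignored. */
function moveToSectionUnchecked(array $userPermissions, string $fromSectionUid, string $toSectionUid): bool
{
    if (!userCan($userPermissions, 'accessCp')) {
        throw new Forbidden('accessCp required');
    }
    return true; // the entry would be moved here regardless of section rights
}

/** Hardened: require saveEntries on the source and on the destination section. */
function moveToSectionChecked(array $userPermissions, string $fromSectionUid, string $toSectionUid): bool
{
    if (!userCan($userPermissions, 'accessCp')) {
        throw new Forbidden('accessCp required');
    }
    foreach ([$fromSectionUid, $toSectionUid] as $uid) {
        if (!userCan($userPermissions, "saveEntries:$uid")) {
            throw new Forbidden("saveEntries:$uid required");
        }
    }
    return true;
}

// Constructed: a user with accessCp and save rights only in section "news".
$perms = ['accessCp', 'saveEntries:news'];

var_dump(moveToSectionUnchecked($perms, 'news', 'legal')); // bool(true): moved without any right on "legal"
try {
    moveToSectionChecked($perms, 'news', 'legal');
} catch (Forbidden $e) {
    echo $e->getMessage(), PHP_EOL; // saveEntries:legal required
}
```

Checking both sections matters: a user allowed to save in the source but not the destination could otherwise plant content in a section they cannot normally write to, and a user allowed in the destination but not the source could remove entries they cannot normally edit.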
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
PT-2023-18795 · Ellislab · Expressionengine
Name of the Vulnerable Software and Affected Versions: ExpressionEngine versions prior to 7.2.6 Description: The issue allows remote code execution by an authenticated Control Panel user. Recommendations: For versions prior to 7.2.6, update to version 7.2.6 or later to resolve the issue...