CVE-2025-68456 Unauthenticated Craft CMS users can trigger a database backup

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

CVE-2024-21622

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

CVE-2021-32752

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...

Design/Logic Flaw

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...

CVE-2021-32752 Files or Directories Accessible to External Parties in ether/logs

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...

CVE-2021-32752

Ether Logs (Craft 3) prior to version 3.0.4 is affected. An authenticated admin can access any file on the server due to a vulnerability in the plugin’s handling of file access. The issue has been fixed in version 3.0.4. As a workaround, disable the plugin if admin access by untrusted sources is ...

Winter Craft 3: Mine Build - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Winter Craft 3: Mine Build published at the 'play' market has multiple vulnerabilities...

City Craft 3: TNT Edition - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application City Craft 3: TNT Edition published at the 'play' market has multiple vulnerabilities...

Medieval Craft 3 - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Medieval Craft 3 published at the 'play' market has multiple vulnerabilities...