2 matches found
GHSA-X684-96HH-833X Craft CMS has a potential RCE with a compromised security key
Impact: This is an RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Anyone running an unpatched version of Craft with a compromised security key is affected. Patche...
PT-2024-35157 · Craft Cms · Craft Cms
Name of the Vulnerable Software and Affected Versions: CraftCMS versions prior to 4.12.5; CraftCMS versions prior to 5.4.6. Description: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme. This enables the attacker to specify...