Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/11 12:27 a.m.3 views

SQL Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to SQL Injection via the actionSearch process in ElementSearchController. An attacker can execute arbitrary SQL commands and extract database contents by injecting malicious input into...

8.8CVSS6.2AI score0.0035EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.5 views

CVE-2026-25495

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

8.8CVSS6.2AI score0.00502EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/09 8:35 p.m.1 views

SQL Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to SQL Injection via the criteriaorderBy parameter in the JSON body provided to the element-indexes/get-elements endpoint. A user with Control Panel permission can execute SQL commands by...

8.8CVSS6.1AI score0.00502EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/09 7:42 p.m.3 views

CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy]

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

8.7CVSS6.2AI score0.00502EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7145

Name of the Vulnerable Software and Affected Versions Craft versions 4.0.0-RC1 through 4.16.17 Craft versions 5.0.0-RC1 through 5.8.21 Description Craft is a platform for creating digital experiences. The element-indexes/get-elements API endpoint is susceptible to SQL Injection via the...

8.7CVSS6.1AI score0.00502EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.16.17, and 5.0.0-RC1 to 5.8.21 of Craft CMS have SQL injection vulnerabilities. These vulnerabilities stem from improper cleaning of the criteriaorderBy parameter input, which may lead to SQL...

8.8CVSS5.9AI score0.00502EPSS
Exploits1References3
Rows per page
Query Builder