Lucene search
K

5 matches found

CVE
CVE
added 2025/08/25 5:52 p.m.28 views

CVE-2025-57811

Craft CMS vulnerability CVE-2025-57811 is a remote code execution via Twig SSTI affecting Craft 4.x (4.0.0-RC1 through 4.16.5) and 5.x (5.0.0-RC1 through 5.8.6). The issue stems from Twig SSTI and is a follow-up to CVE-2024-52293. Affected versions are patched in Craft 4.16.6 and 5.8.7. If you ru...

8.6CVSS7.1AI score0.00805EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 12:20 p.m.14 views

CVE-2024-52293

Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

7.2CVSS7.1AI score0.01909EPSS
Exploits2References1
NVD
NVD
added 2024/11/13 4:15 p.m.37 views

CVE-2024-52293

Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

7.2CVSS0.01308EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/13 4:4 p.m.46 views

CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI

Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

7.2CVSS0.01308EPSS
Exploits1References2
OSV
OSV
added 2024/11/13 4:4 p.m.37 views

CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI

Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

7.2CVSS6.8AI score0.01308EPSS
Exploits1References4
Rows per page
Query Builder