5 matches found
CVE-2025-57811
Craft CMS vulnerability CVE-2025-57811 is a remote code execution via Twig SSTI affecting Craft 4.x (4.0.0-RC1 through 4.16.5) and 5.x (5.0.0-RC1 through 5.8.6). The issue stems from Twig SSTI and is a follow-up to CVE-2024-52293. Affected versions are patched in Craft 4.16.6 and 5.8.7. If you ru...
CVE-2024-52293
Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...
CVE-2024-52293
Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...
CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI
Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...
CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI
Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...