6 matches found
GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...
SQL Injection
Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...
CraftCMS's `ElementSearchController` Affected by Blind SQL Injection
The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...
GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection
The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...
Craft CMS SQL注入漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...
November 22, 2021-KB5007292 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11
None None...