Lucene search
K

6 matches found

OSV
OSV
added 2026/05/06 5:54 p.m.5 views

GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References5
Veracode
Veracode
added 2026/03/14 5:22 a.m.6 views

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

8.8CVSS5.9AI score0.0035EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:27 a.m.6 views

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.8CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/11 12:27 a.m.5 views

GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...

8.8CVSS5.8AI score0.0035EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2021/11/22 12:0 a.m.6 views

November 22, 2021-KB5007292 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11

None None...

6.1AI score
Exploits0
Rows per page
Query Builder