4 matches found
CVE-2026-44011
Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...
Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...
GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...
Joomla! Security Vulnerabilities
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! that stems from a list field layout that does not properly escape input, which can lead to a cross-site scripting XSS vulnerability...