13 matches found
CVE-2026-32264
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...
CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...
CVE-2026-32264
CVE-2026-32264 in Craft CMS affects the ElementIndexesController and FieldsController. From 4.0.0-RC1 up to just before 4.17.5, and from 5.0.0-RC1 up to just before 5.9.11, a Behavior injection remote code execution vulnerability exists when an administrator with enable admin changes (allowAdminC...
CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...
CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...
GHSA-4484-8V2F-5748 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
The fix for https://github.com/advisories/GHSA-7jx7-3846-m7w7 commit https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748 only patched src/services/Fields.php, but the same vulnerable pattern exists in ElementIndexesController and FieldsController. You need Craft contro...
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
The fix for https://github.com/advisories/GHSA-7jx7-3846-m7w7 commit https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748 only patched src/services/Fields.php, but the same vulnerable pattern exists in ElementIndexesController and FieldsController. You need Craft contro...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...
PT-2026-25805
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...
EUVD-2026-10096
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
CVE-2026-1650
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
WordPress plugin MDJM Event Management 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...