4 matches found
CVE-2026-31857
CVE-2026-31857 (CraftCMS) : A Remote Code Execution vulnerability exists in Craft CMS before versions 5.9.9 and 4.17.4 in the control panel via the BaseElementSelectConditionRule::getElementIds() path. User-controlled input is passed to renderObjectTemplate() (unsandboxed Twig with escaping disab...
CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
EUVD-2026-11257
CraftCMS has an RCE vulnerability via relational conditionals in the control panel...