Craft CMS 代码注入漏洞

Craft CMS is an open source content management system CMS from Craft CMS. A code injection vulnerability exists in Craft CMS versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3, which stems from a security key compromise that could allow remote code execution...

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection when the user's security key has already been compromised. Workaround This vulnerability can be mitigated by rotating the security key and ensuring its privacy...