2 matches found
CVE-2025-68437 Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...
Allocation of Resources Without Limits or Throttling
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling over the /admin/actions/updater/backup endpoint. An unauthenticated user can cause resource exhaustion or access sensitive backup files by...