Remote Code Execution (RCE)
Craft CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...