5 matches found
CVE-2024-37843
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2024-52293
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath, which could lead to Remote Code Execution on the server via Twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
CVE-2023-36260
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about cod...
CVE-2023-36259
Cross-site scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
CVE-2024-52291
Craft is a content management system (CMS). A vulnerability in Craft CMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overw...