Lucene search

Craftcms | Craft Cms | 3.0.0

8 matches found

CVE
added 2024/12/18 9:15 p.m. | 3580 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present. ...

CVSS 9.8 | AI score 7.4 | EPSS 0.93747
In wild
CVE
added 2025/04/25 3:15 p.m. | 359 views

CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity at...

CVSS 10 | AI score 9.7 | EPSS 0.93635
In wild
CVE
added 2019/07/26 4:15 a.m. | 298 views

CVE-2019-14280

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

CVSS 5.3 | AI score 5.1 | EPSS 0.15895
CVE
added 2024/01/03 5:15 p.m. | 219 views

CVE-2024-21622

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure...

CVSS 8.8 | AI score 8.7 | EPSS 0.00103
CVE
added 2023/08/23 9:15 p.m. | 87 views

CVE-2023-40035

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable onl...

CVSS 7.2 | AI score 7.3 | EPSS 0.00496
CVE
added 2023/05/09 4:15 p.m. | 67 views

CVE-2023-31144

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.

CVSS 6.1 | AI score 5.8 | EPSS 0.00455
CVE
added 2022/12/05 9:15 p.m. | 66 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks....

CVSS 7.5 | AI score 7.5 | EPSS 0.00521
CVE
added 2023/05/26 9:15 p.m. | 43 views

CVE-2023-33194

Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in versio...

CVSS 4.8 | AI score 4.4 | EPSS 0.00045