Craft Cms Security Vulnerabilities and Issues — Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

3 matches found

CVE•added 2024/11/13 4:15 p.m.•51 views

CVE-2024-52293

Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.

7.2CVSS6.9AI score0.04292EPSS

CVE•added 2024/11/13 5:15 p.m.•42 views

CVE-2024-52292

Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function wi...

7.7CVSS6.7AI score0.00138EPSS

CVE•added 2024/11/13 5:15 p.m.•40 views

CVE-2024-52291

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overw...

8.4CVSS7.8AI score0.00212EPSS