Craft Cms Security Vulnerabilities and Issues — Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

5 matches found

cve•added 2024/12/18 9:15 p.m.•3538 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present. ...

9.8CVSS7.4AI score0.94029EPSS

cve•added 2024/06/25 9:15 p.m.•89 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

9.8CVSS7.9AI score0.83422EPSS

cve•added 2019/10/24 4:15 p.m.•86 views

CVE-2019-15929

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

9.8CVSS9.4AI score0.00358EPSS

cve•added 2020/03/04 5:15 p.m.•82 views

CVE-2020-9757

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

9.8CVSS8.6AI score0.9362EPSS

cve•added 2021/06/30 12:15 p.m.•58 views

CVE-2021-27903

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

9.8CVSS9.6AI score0.03824EPSS