cms is vulnerable to Remote Code Execution. The vulnerability exists due to the system not restricting administrative permission to save to a Local volume with the File System Path setting set to a system directory after an attacker is able to hijack an administrator’s session.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.6.6 | |
craftcms/cms | le | 3.6.6 |