EPSS
Percentile
51.6%
craftcms/cms is vulnerable to privilege escalation. The vulnerability exists because it does not validate the original user’s password and expects impersonated user’s password.
github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
github.com/craftcms/cms/commit/4a6a90d000667ef6581790504d8a0c5c172c1531
github.com/craftcms/cms/issues/3487
github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1