Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms craft cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2021-27903
An issue exists in Craft CMS prior to 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Craftcms Craft Cms
9.8
CVSSv3
CVE-2020-9757
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Craftcms Craft Cms
9.8
CVSSv3
CVE-2019-15929
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Craftcms Craft Cms
8.8
CVSSv3
CVE-2024-21622
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x before 3.9.6 and 4.x before 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. User...
Craftcms Craft Cms
8.8
CVSSv3
CVE-2023-30130
An issue found in CraftCMS v.3.8.1 allows a remote malicious user to execute arbitrary code via a crafted script to the Section parameter.
Craftcms Craft Cms 3.8.1
8.8
CVSSv3
CVE-2022-29933
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Craftcms Craft Cms
8.8
CVSSv3
CVE-2021-41824
Craft CMS prior to 3.7.14 allows CSV injection.
Craftcms Craft Cms
8.8
CVSSv3
CVE-2018-3814
Craft CMS 2.6.3000 allows remote malicious users to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
Craftcms Craft Cms 2.6.3000
2 Github repositories
7.5
CVSSv3
CVE-2023-36260
An issue exists in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote malicious users to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a...
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »