Craftcms

Craft Cms

57 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2018-20418

Exploit
  • EPSS 0.5%
  • Published 24.12.2018 04:29:00
  • Last modified 21.11.2024 04:01:26

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

8.8

CVE-2018-3814

Exploit
  • EPSS 0.7%
  • Published 01.01.2018 20:29:00
  • Last modified 21.11.2024 04:06:05

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.

5.4

CVE-2017-9516

Media report Exploit
  • EPSS 0.9%
  • Published 08.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

5.3

CVE-2017-8385

  • EPSS 0.28%
  • Published 01.05.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

6.1

CVE-2017-8384

  • EPSS 0.31%
  • Published 01.05.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.

5.3

CVE-2017-8383

  • EPSS 0.32%
  • Published 01.05.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.

6.1

CVE-2017-8052

  • EPSS 0.35%
  • Published 22.04.2017 01:59:02
  • Last modified 20.04.2025 01:37:25

Craft CMS before 2.6.2974 allows XSS attacks.