CVE-2021-27903

Опубликовано: 30 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

Ссылки

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
Patch
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия до 3.6.7 (исключая)

EPSS

Процентиль: 88%

0.03824

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-x2j7-6hxm-87p3