Описание
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOW_ADMIN_CHANGES must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue.
Ссылки
- Patch
- Product
- Third Party Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1Версия от 4.1.0 (включая) до 4.14.13 (исключая)Версия от 5.1.0 (включая) до 5.6.15 (исключая)
Одно из
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00312
Низкий
7.2 High
CVSS3
Дефекты
CWE-1336
Связанные уязвимости
github
9 месяцев назад
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
EPSS
Процентиль: 54%
0.00312
Низкий
7.2 High
CVSS3
Дефекты
CWE-1336