Описание
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteria[orderBy] parameter (JSON body). The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause by omitting viewState[order] (or setting both to the same payload). This issue is patched in versions 4.16.18 and 5.8.22.
Ссылки
- Patch
- Release Notes
- ExploitVendor AdvisoryPatch
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.0 (исключая) до 4.16.18 (исключая)Версия от 5.0.0 (исключая) до 5.8.22 (исключая)
Одно из
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 2%
0.00013
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
github
около 2 месяцев назад
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
EPSS
Процентиль: 2%
0.00013
Низкий
8.8 High
CVSS3
Дефекты
CWE-89