Filtered by vendor Craftcms
Subscribe
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3814 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. | |||||
| CVE-2017-8052 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2974 allows XSS attacks. | |||||
| CVE-2017-8385 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | |||||
| CVE-2017-8383 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | |||||
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||