craftcms/cms Security Advisories for 3.9.0 (5)
-
[HIGH] Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
PKSA-xh7q-jwpn-v1cd CVE-2024-56145 GHSA-2p6p-9rc9-62j9
Affected version: >=3.0.0,<3.9.14|>=4.0.0-RC1,<4.13.2|>=5.0.0-RC1,<5.5.2
Reported by:
GitHub -
[HIGH] Craft CMS Arbitrary System File Read
PKSA-jkbm-w624-yb7q CVE-2024-52292 GHSA-cw6g-qmjq-6w2w
Affected version: >=3.5.13,<=4.12.6.1|>=5.0.0-alpha.1,<=5.4.7.1
Reported by:
GitHub -
[MEDIUM] Craft CMS Feed-Me
PKSA-yq9g-7wmy-ph9w CVE-2023-36260 GHSA-6p78-f7h9-6838
Affected version: <4.6.2
Reported by:
GitHub -
[MEDIUM] Craft CMS Privilege Escalation
PKSA-gcgv-38nz-y8bs CVE-2024-21622 GHSA-j5g9-j7r4-6qvx
Affected version: >=3.0.0,<=3.9.5|>=4.0.0-RC1,<=4.5.10
Reported by:
GitHub -
[MEDIUM] Craft CMS vulnerable to HTML injection
PKSA-htxf-m811-km69 CVE-2023-33495 GHSA-m3v5-gjj9-rg24
Affected version: <=4.4.9
Reported by:
GitHub