Craftcms >> Craft CMS >> 0.9.2184 Security Vulnerabilities
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
CVSS Score: 9.8 | EPSS Score: 0.038 | Published: 2021-06-30

Craft CMS before 3.6.13 has an XSS vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-05-07

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS Score: 9.8 | EPSS Score: 0.938 | Published: 2020-03-04

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on it.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-10-24

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-11

Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-06-18

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
CVSS Score: 7.2 | EPSS Score: 0.007 | Published: 2018-12-25

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
CVSS Score: 5.4 | EPSS Score: 0.009 | Published: 2017-06-08

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2017-05-01

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-05-01

Shodan ® - All rights reserved