CVE-2023-26020

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:09

Type Values Removed Values Added
Summary Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

28 Feb 2023, 15:52

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*
CWE CWE-89
First Time Craftercms crafter Cms
Apple macos
Linux
Linux linux Kernel
Microsoft windows
Craftercms
Microsoft
Apple
References (MISC) https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701 - (MISC) https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701 - Vendor Advisory

17 Feb 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-17 18:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-26020

Mitre link : CVE-2023-26020

CVE.ORG link : CVE-2023-26020


JSON object : View

Products Affected

linux

  • linux_kernel

apple

  • macos

microsoft

  • windows

craftercms

  • crafter_cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')