VIR Vulnerability Intelligence Relay

Package impact

php Packagist / craftcms/cms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2025-35939 unknown 1.5 1y ago Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a… php
CVE-2025-32432 unknown 1.5 1y ago Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. php
CVE-2025-23209 unknown 1.5 1y ago Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. php
CVE-2024-56145 unknown 1.5 2y ago Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. php