Package impact
Packagist / craftcms/cms
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-35939 | unknown | — | 1.5 | 1y ago | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a… | |
| CVE-2025-32432 | unknown | — | 1.5 | 1y ago | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. | |
| CVE-2025-23209 | unknown | — | 1.5 | 1y ago | Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. | |
| CVE-2024-56145 | unknown | — | 1.5 | 2y ago | Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. |