CVE-2021-27903

Code Injection in packagist/craftcms/cms

Identifier

CVE-2021-27903

Package Slug

packagist/craftcms/cms

Vulnerability

Code Injection

Description

An issue was discovered in Craft CMS. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

Affected Versions

All versions before 3.6.7

Solution

Upgrade to version 3.6.7 or above.

Last Modified

2021-07-08

source