CVE-2023-30130: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

May 12, 2023 (updated May 22, 2023)

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.

References

craftcms.com/
github.com/advisories/GHSA-fjx5-xm7q-whvj
nvd.nist.gov/vuln/detail/CVE-2023-30130
tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1

Detect and mitigate CVE-2023-30130 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →