CVE-2023-30130: CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter

May 12, 2023 (updated January 24, 2025)

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.

References

craftcms.com/
github.com/advisories/GHSA-fjx5-xm7q-whvj
github.com/craftcms/cms
nvd.nist.gov/vuln/detail/CVE-2023-30130
tf1t.gitbook.io/mycve/craftcms/server-site-template-injection-on-craftcms-3.8.1

Code Behaviors & Features

Detect and mitigate CVE-2023-30130 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →