CVE List


Severe 9.8

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

Published June 30, 2021.

Affected software

Get alerts for Craftcms Craft CMS

Reference links