QwikSec

Security Database

CVE

CWE

Training

CVE-2021-27903

Published: Jun 30, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security

x_refsource_MISC

https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38

x_refsource_MISC

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#367---2021-02-23

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.