CVE-2023-26020

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-26020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26020.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26020

Published

2023-02-17T18:15:12.180Z

Modified

2026-04-10T04:56:11.288694Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

References

https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701

Affected packages

Git / github.com/craftercms/craftercms

Affected ranges

Type

GIT

Repo

https://github.com/craftercms/craftercms

Events

Introduced

8b4368c37a3ccdddbd37c1dd915d8352b3c6f1ef

Last affected

a0de0c7433801e6f98478dcdb349c742b37bdeac

Introduced

d5dabb5ca2dd63517f457201749aad71b02435f5

Last affected

f20a63b14499ee631ce4074e5c0fba3c0cfd15f7

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.26"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.1"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.12

v3.1.15

v3.1.16

v3.1.17

v3.1.18

v3.1.19

v3.1.20

v3.1.21

v3.1.23

v3.1.24

v3.1.25

v3.1.26

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v4.*

v4.0.0

v4.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26020.json"