Craft CMS Code Injection Vulnerability
Vendor: Craft CMS
Product: Craft CMS
Added: 2025-02-20
Due Date: 2025-03-13
Description:
Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.
Required Action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CWEs: