How does the CVE-2023-26020 vulnerability affect CrafterCMS?

The CVE-2023-26020 vulnerability affects CrafterCMS versions 4.0.0 through 4.0.1, as well as versions 3.1.0 through 3.1.26.

What is the severity of CVE-2023-26020?

The severity of CVE-2023-26020 is high, with a CVSS score of 7.2.

How can I fix the CVE-2023-26020 vulnerability in CrafterCMS?

To fix the CVE-2023-26020 vulnerability, update CrafterCMS to version 4.0.2 or newer for 4.x versions, or version 3.1.27 or newer for 3.x versions.

Where can I find more information about CVE-2023-26020?

More information about CVE-2023-26020 can be found at the official CrafterCMS security advisory: [https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701](https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701)

Vulnerability/
CVE-2023-26020

high

7.2

CWE

17/2/2023

28/2/2023

CVE-2023-26020: SQL Injection

Q: What is CVE-2023-26020?

CVE-2023-26020 is an SQL Injection vulnerability in Crafter Studio on Linux, MacOS, Windows that allows for SQL Injection attacks.

First published: Fri Feb 17 2023(Updated: )

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

Credit: security@craftersoftware.com

Affected Software	Affected Version	How to fix
Craftercms Crafter Cms	>=3.1.0<=3.1.26
Craftercms Crafter Cms	>=4.0.0<=4.0.1
Apple macOS
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701

Frequently Asked Questions

What is CVE-2023-26020?
CVE-2023-26020 is an SQL Injection vulnerability in Crafter Studio on Linux, MacOS, Windows that allows for SQL Injection attacks.
How does the CVE-2023-26020 vulnerability affect CrafterCMS?
The CVE-2023-26020 vulnerability affects CrafterCMS versions 4.0.0 through 4.0.1, as well as versions 3.1.0 through 3.1.26.
What is the severity of CVE-2023-26020?
The severity of CVE-2023-26020 is high, with a CVSS score of 7.2.
How can I fix the CVE-2023-26020 vulnerability in CrafterCMS?
To fix the CVE-2023-26020 vulnerability, update CrafterCMS to version 4.0.2 or newer for 4.x versions, or version 3.1.27 or newer for 3.x versions.
Where can I find more information about CVE-2023-26020?
More information about CVE-2023-26020 can be found at the official CrafterCMS security advisory: [https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701](https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701)

collector/nvd-index
vendor/craftercms
canonical/craftercms crafter cms
version/craftercms crafter cms/3.1.0
version/craftercms crafter cms/3.1.26
version/craftercms crafter cms/4.0.0
version/craftercms crafter cms/4.0.1
vendor/apple
canonical/apple macos
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.