Search for packages
| purl | pkg:composer/craftcms/cms@2.6.3000 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3twn-e7up-2ugq
Aliases: CVE-2018-20465 GHSA-j7fx-v37j-v3w7 |
Missing Encryption of Sensitive Data Craft CMS allows remote authenticated administrators to read sensitive information via server-side template injection which causes a cleartext username and password to be displayed in a URI field. |
Affected by 1 other vulnerability. |
|
VCID-gbf2-3kde-kkc4
Aliases: CVE-2018-3814 GHSA-r342-vjc4-wrmj |
Injection Vulnerability Craft CMS allows remote attackers to execute arbitrary PHP code by using the `Assets->Upload files` screen and then the `Replace it` option, because this allows a `.jpg` file to have embedded PHP code, and then be renamed to a `.php` extension. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-xv52-rc7v-yba8
Aliases: CVE-2020-9757 GHSA-6q4j-8pjm-5mgc |
Injection Vulnerability The `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:27:50.897467+00:00 | GitLab Importer | Affected by | VCID-xv52-rc7v-yba8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2020-9757.yml | 38.6.0 |
| 2026-06-04T20:17:47.564665+00:00 | GitLab Importer | Affected by | VCID-3twn-e7up-2ugq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2018-20465.yml | 38.6.0 |
| 2026-06-02T04:37:23.962293+00:00 | GitLab Importer | Affected by | VCID-gbf2-3kde-kkc4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2018-3814.yml | 38.6.0 |