CVE-2023-26020 — MEDIUM (5.7)

Q: How severe is CVE-2023-26020?

CVE-2023-26020 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-26020?

Check the references section above for vendor advisories and patch information. Affected products include: Craftercms Crafter Cms, Apple Macos, Linux Linux Kernel, Microsoft Windows.

Vulnerability Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Craftercms	Crafter Cms	>= 3.1.0, <= 3.1.26
Apple	Macos	-
Linux	Linux Kernel	-
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-89

References

https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701Vendor Advisory
https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701Vendor Advisory

FAQ

What is CVE-2023-26020?

CVE-2023-26020 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects ...

How severe is CVE-2023-26020?

CVE-2023-26020 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26020?

Check the references section above for vendor advisories and patch information. Affected products include: Craftercms Crafter Cms, Apple Macos, Linux Linux Kernel, Microsoft Windows.