CNNVD-202601-813 Information

CNNVD ID

CNNVD-202601-813

Related CVE

CVE-2025-68456

• CNNVD Published: 2026-01-05

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-RC1版本至5.8.20版本和3.0.0版本至4.16.16版本存在安全漏洞，该漏洞源于未经身份验证的用户可触发数据库备份操作，可能导致资源耗尽或信息泄露。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS Versions 5.0.0-RC1 to 5.8.20 and 3.0.0 to 4.16.16 have a security loophole, which stems from the fact that unidentified users can trigger back-up of the database, which may lead to resource depletion or information disclosure.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Craft CMS

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39 https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr

Patch

https://github.com/craftcms/cms/releases