CNNVD-202601-815 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-815
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 5.0.0-RC1版本至5.8.20版本和4.0.0-RC1版本至4.16.16版本存在信息泄露漏洞,该漏洞源于用户个人资料照片处理不当,可能导致敏感资产暴露。
Description (English)
Craft CMS is an open-source CMS content management system. Craft CMS 5.0.0-RC1 to 5.8.20 and 4.0.0-RC1 to 4.16.16 have information leaks, which stem from inappropriate processing of user personal data photographs and may lead to the exposure of sensitive assets.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
Craft CMS
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/craftcms/cms/commit/4bcb0db554e273b66ce3b75263a13414c2368fc9 https://github.com/craftcms/cms/security/advisories/GHSA-53vf-c43h-j2x9
Patch
https://github.com/craftcms/cms/releases
Share on: