CVE-2023-30130 — Code Injection in CMS

Severity

8.8HIGHNVD

OSV7.5

EPSS

5.0%

top 10.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 12

Latest updateApr 2

Description

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶Packagistcraftcms/cms3.8.1

▶Ubuntuphpseclib/phpseclib< 1.0.1-3ubuntu0.1+esm1+3

OSV

phpseclib vulnerabilities↗2025-04-02

▶

CVEList

CVE-2023-30130: An issue found in CraftCMS v↗2023-05-12

▶

GHSA

CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter↗2023-05-12

▶

OSV

CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter↗2023-05-12

▶