CVE-2023-30130
published 2023-05-12
CVE-2023-30130: An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
Priority: P348 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.42% (69.4th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | 0 – 3.8.1 | — |
| craftcms | craft_cms | — | — |
| phpseclib | phpseclib | >= 0 < 1.0.1-3ubuntu0.1+esm1 | 1.0.1-3ubuntu0.1+esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.9-1ubuntu0.1~esm1 | 1.0.9-1ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.18-2ubuntu0.1~esm1 | 1.0.18-2ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.20-1ubuntu0.1~esm1 | 1.0.20-1ubuntu0.1~esm1 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.5 HIGH
OSV
phpseclib vulnerabilities
osv·2025-04-02·CVSS 7.5
CVE-2021-30130 phpseclib vulnerabilities
It was discovered that phpseclib did not correctly handle RSA PKCS#1
v1.5 signature verification. An attacker could possibly use this issue to
bypass authentication. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-30130)
It was discovered that phpseclib did not correctly handle certain
characters in certain TLS fields, which could lead to name confusion.
An attacker could possibly use this issue to bypass authentication.
(CVE-2023-52892)
It was discovered that phpseclib incorrectly limited the size of prime
numbers generated by isPrime. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-27354)
It was discovered that phpseclib did not correctly handle processing the
ASN.1 object identifier of a certificate. An attacker could
GHSA
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
ghsa·2023-05-12
CVE-2023-30130 [HIGH] CWE-94 CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
OSV
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
osv·2023-05-12
CVE-2023-30130 [HIGH] CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-12