CVE-2023-26020EPSS p34.7%

CVE-2023-26020CVE-2023-26020

craftercms / crafter_cms

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

Scoring

CVSS 5.7 ()
VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
EPSS0.44% probability of exploitation · percentile 34.7% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.