Description
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Remediation
References
Related Vulnerabilities
Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.14)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5084)
WordPress Plugin Yet Another Photoblog Unspecified Vulnerability (1.10.6)
WordPress Plugin Spiffy Calendar Cross-Site Scripting (3.2.0)
WordPress Plugin Gallery-Flagallery Photo Portfolio 'skin' Parameter Cross-Site Scripting (1.72)