{"id":"CVE-2021-27230","details":"ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.","modified":"2026-04-10T04:31:28.702348Z","published":"2021-03-15T23:15:12.703Z","references":[{"type":"ADVISORY","url":"https://expressionengine.com/features"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/Mar/32"},{"type":"REPORT","url":"https://hackerone.com/reports/1093444"},{"type":"EVIDENCE","url":"http://karmainsecurity.com/KIS-2021-03"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/161805/ExpressionEngine-6.0.2-PHP-Code-Injection.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/expressionengine/expressionengine","events":[{"introduced":"0"},{"fixed":"b4a692b67facb71c4069d2d6cacd712cbe643667"},{"introduced":"203b551c98917782351408fb5330a2ac7bfca5e7"},{"fixed":"c07f240e92b0a2e05d0b3dcafcf5898421140491"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.4.2"},{"introduced":"6.0.0"},{"fixed":"6.0.3"}]}}],"versions":["5.4.0","5.4.1","6.0.0","6.0.1","6.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27230.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}