CraftCMS is a CMS program. CraftCMS version v3.8.1 suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by Section parameters, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.