Security Advisories - PKSA-chpm-5f12-rdnt - Packagist.org

PKSA-chpm-5f12-rdnt Security Advisory

[HIGH] Craft Commerce has a SQL Injection can lead to Remote Code Execution via TotalRevenue Widget

PKSA-chpm-5f12-rdnt CVE-2026-32271 GHSA-875v-7m49-8x88

Affected package: craftcms/commerce

Affected version: >=5.0.0,<=5.5.4|>=4.0.0,<=4.10.2

Reported by:
GitHub