
CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution CVE-2023-41892

Severity
CVSSv3 Score: 9.8
Vulnerability description

Craft CMS is a platform for creating digital experiences. Installations before 4.4.15 are affected by a high-impact, low-complexity vulnerability that leads to Remote Code Execution (RCE). The issue has been fixed in Craft CMS 4.4.15, and users running earlier versions are encouraged to update to at least that version to mitigate it.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

We recommend upgrading the affected software to the latest version, which mitigates this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Sep 13, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available