CVE-2023-41892
Summary
| CVE | CVE-2023-41892 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-13 20:15:00 UTC |
| Updated | 2023-09-19 01:38:00 UTC |
| Description | Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Call beforeAction() up front · craftcms/cms@c0a37e1 · GitHub | MISC | github.com | |
| cms/CHANGELOG.md at develop · craftcms/cms · GitHub | MISC | github.com | |
| Take two · craftcms/cms@a270b92 · GitHub | MISC | github.com | |
| Remote Code Execution · Advisory · craftcms/cms · GitHub | MISC | github.com | |
| Fixed an RCE vulnerability · craftcms/cms@7359d18 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730924 Craft CMS Remote Code Execution (RCE) Vulnerability (GHSA-4w8r-3xrw-v25g)