
Warning: Critical RCE vulnerability in Craft CMS

Reference: 
Advisory #2023-107
Version: 
1.0
Affected software: 
Craft CMS
Type: 
Remote code execution
CVE/CVSS: 

CVE-2023-41892: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Sources

https://github.com/advisories/GHSA-4w8r-3xrw-v25g

Risks

A vulnerability in Craft CMS can be remotely exploited by an attacker to upload and execute code. The complexity to exploit this vulnerability is low. The impact on the confidentiality and integrity of your data or your customers' data is high. Craft CMS is typically exposed to the public on the Internet.

Description

Craft CMS contains a vulnerability that allows an attacker to upload code and execute it under the attacker's control.

Recommended actions

The Centre for Cyber Security Belgium strongly recommends upgrading to Craft CMS 4.4.15 as soon as possible.
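
One way to check deployed sites against this recommendation, as an added example that is not part of the advisory: it reads a site's `composer.lock` and reports whether the `craftcms/cms` package is below 4.4.15. The advisory does not state the affected version range, so any lower version is simply reported as below the recommended release; the function names, status labels and sample lock file are constructed for illustration.

```python
import json
import re
import sys

PACKAGE = "craftcms/cms"   # Composer package name of Craft CMS
RECOMMENDED = (4, 4, 15)   # release the advisory says to upgrade to

# Constructed sample composer.lock content (not taken from a real site).
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "4.4.14"}], "packages-dev": []}'


def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease), or None if not numeric."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?([-+].*)?", raw.strip())
    if not m:
        return None  # e.g. "dev-main" cannot be compared
    suffix = m.group(4) or ""
    return tuple(int(g) for g in m.group(1, 2, 3)), suffix.startswith("-")


def audit_lock(lock_text):
    """Return (status, version) for the Craft CMS entry in a composer.lock."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if str(pkg.get("name", "")).lower() != PACKAGE:
            continue
        version = str(pkg.get("version", ""))
        parsed = parse_version(version)
        if parsed is None:
            return "unknown", version  # needs a manual look
        numbers, prerelease = parsed
        # A pre-release such as 4.4.15-beta.1 sorts before the final 4.4.15.
        if numbers < RECOMMENDED or (numbers == RECOMMENDED and prerelease):
            return "below_recommended", version
        return "ok", version
    return "absent", ""


if __name__ == "__main__":
    # Usage: python audit_craft.py /path/to/site/composer.lock
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print(*audit_lock(text))
```

A result of `unknown` means the lock file pins a non-numeric version such as a branch alias, which has to be checked by hand.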

References