Description

Acunetix determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

CraftCMS RCE

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4391)

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

CherryPy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0252)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000504)

GlassFish CVE-2016-3607 Vulnerability (CVE-2016-3607)

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution Known Vulnerabilities