Description

Invicti determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

CraftCMS RCE

Related Vulnerabilities

Oracle Database Server CVE-2008-1821 Vulnerability (CVE-2008-1821)

PHP Other Vulnerability (CVE-2006-1494)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3663)

MySQL CVE-2013-5908 Vulnerability (CVE-2013-5908)

Oracle Database Server CVE-2011-0787 Vulnerability (CVE-2011-0787)

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution Known Vulnerabilities