Description

Acunetix determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

CraftCMS RCE

Related Vulnerabilities

PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-26129)

Drupal Incorrect Authorization Vulnerability (CVE-2022-25274)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)

PHP Improper Input Validation Vulnerability (CVE-2015-8879)

CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20703)

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution Known Vulnerabilities