Description

Invicti determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

CraftCMS RCE

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0287)

SharePoint CVE-2021-1726 Vulnerability (CVE-2021-1726)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43716)

Jenkins Improper Authentication Vulnerability (CVE-2014-2066)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-2157)

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution Known Vulnerabilities