CVE-2024-56145

CriticalKnown Exploited

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are…

GitHub_M·CWE-94·Published 2024-12-18

CVSS

9.8

EPSS

0.97

KEV

Yes

Exploits

cve.orgen

448 chars

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.

NVDen

448 chars

OSV.deven

262 chars

### Impact You are affected if your php.ini configuration has `register_argc_argv` enabled. ### Patches Update to 3.9.14, 4.13.2, or 5.5.2. ### Workarounds If you can't upgrade yet, and `register_argc_argv` is enabled, you can disable it to mitigate the issue.

GHSAen

262 chars

NVDes

520 chars

Craft es un CMS flexible y fácil de usar para crear experiencias digitales personalizadas en la web y más allá. Los usuarios de las versiones afectadas se ven afectados por esta vulnerabilidad si su configuración php.ini tiene `register_argc_argv` habilitado. Para estos usuarios existe un vector de ejecución de código remoto no especificado. Se recomienda a los usuarios que actualicen a la versión 4.13.2 o 5.5.2. Los usuarios que no puedan actualizar deben deshabilitar `register_argc_argv` para mitigar el problema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
4.0	Primary	cve.org	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4.0	Secondary	GHSA	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A