Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
No PoCs from references.
- https://github.com/20142995/nuclei-templates
- https://github.com/Chocapikk/CVE-2024-56145
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Ostorlab/KEV
- https://github.com/Sachinart/CVE-2024-56145-craftcms-rce
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/craftcms/security-patches
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/dev-chenxing/repos
- https://github.com/felixsta/Using_CVSS
- https://github.com/felixsta/Vulnerability_detection
- https://github.com/hmhlol/craft-cms-RCE-CVE-2024-56145
- https://github.com/packetinside/CISA_BOT
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/rawtips/craft_cve_2024_56145_exploit.py
- https://github.com/ums91/CISA_BOT