Warning: Critical RCE vulnerability in Craft CMS
Reference:
Advisory #2023-107
Version:
1.0
Affected software:
Craft CMS
Type:
Remote code execution
CVE/CVSS:
CVE-2023-41892: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Date:
14/09/2023
Sources
https://github.com/advisories/GHSA-4w8r-3xrw-v25g
Risks
A vulnerability in Craft CMS can be exploited remotely by an attacker to upload and execute code. The complexity of exploiting this vulnerability is low. The impact on the confidentiality and integrity of your data or your customers' data is high. Craft CMS is typically exposed to the public on the Internet.
Description
Craft CMS contains a vulnerability that allows an attacker to upload code and execute that code under the attacker's control.
Recommended actions
The Centre for Cyber Security Belgium strongly recommends upgrading to Craft CMS 4.4.15 as soon as possible.
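To check whether a site still needs this upgrade, the locked Craft CMS version can be read from the project's composer.lock. The following is an added example, not part of the original advisory or of Craft CMS. It assumes the standard Composer lock layout (a "packages" list with "name" and "version" fields) and, because the advisory states no lower bound for affected versions, it flags every version below 4.4.15; the function names and sample data are constructed for illustration.

```python
import json
import re

FIXED = (4, 4, 15)  # release the advisory recommends upgrading to


def craft_version(lock_text):
    """Return the locked craftcms/cms version string, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None


def parse_version(version):
    """Turn '4.4.14', 'v4.4.14' or '4.4.15-beta.1' into ((4, 4, 14), is_prerelease).
    Returns None for branch aliases such as 'dev-main' or a missing version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?([-+].+)?", version or "")
    if not m:
        return None
    numbers = tuple(int(x) for x in m.group(1, 2, 3))
    return numbers, bool(m.group(4) and m.group(4).startswith("-"))


def needs_upgrade(lock_text):
    """True: below 4.4.15; False: 4.4.15 or later; None: cannot tell."""
    parsed = parse_version(craft_version(lock_text))
    if parsed is None:
        return None
    numbers, prerelease = parsed
    # A pre-release of 4.4.15 sorts before the final 4.4.15 release.
    return numbers < FIXED or (numbers == FIXED and prerelease)


# Constructed sample lock files (not taken from a real site).
SAMPLE_OLD = json.dumps({"packages": [{"name": "yiisoft/yii2", "version": "2.0.48.1"},
                                      {"name": "craftcms/cms", "version": "4.4.14"}]})
SAMPLE_FIXED = json.dumps({"packages": [{"name": "craftcms/cms", "version": "v4.4.15"}]})
SAMPLE_BRANCH = json.dumps({"packages": [{"name": "craftcms/cms", "version": "dev-main"}]})

if __name__ == "__main__":
    for label, text in [("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED), ("branch", SAMPLE_BRANCH)]:
        print(label, craft_version(text), needs_upgrade(text))
```

A result of None (branch alias or package not found) means the version has to be confirmed by hand, for example in the Craft control panel.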