QwikSec

Security Database

CVE

CWE

Training

CVE-2023-41892

Published: Sep 13, 2023

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.1

10.0

CRITICAL

Description

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Vendor	Product	Versions
craftcms	cms	affected `>= 4.0.0-RC1, <= 4.4.14`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

References

https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g

x_refsource_CONFIRM

https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857

x_refsource_MISC

https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e

x_refsource_MISC

https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1

x_refsource_MISC

https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476

x_refsource_MISC

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical

x_refsource_MISC

http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.