Description

Acunetix determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

CraftCMS RCE

Related Vulnerabilities

WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)

Telerik Web UI Insecure Direct Object Reference

Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

Arbitrary EL Evaluation in RichFaces

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution