CVE-2024-56145

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
CVSS

No CVSS.

References
Link Resource
https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
Configurations

No configuration.

History

19 Dec 2024, 21:15

Type Values Removed Values Added
Summary
  • (es) Craft es un CMS flexible y fácil de usar para crear experiencias digitales personalizadas en la web y más allá. Los usuarios de las versiones afectadas se ven afectados por esta vulnerabilidad si su configuración php.ini tiene `register_argc_argv` habilitado. Para estos usuarios existe un vector de ejecución de código remoto no especificado. Se recomienda a los usuarios que actualicen a la versión 4.13.2 o 5.5.2. Los usuarios que no puedan actualizar deben deshabilitar `register_argc_argv` para mitigar el problema.
Summary (en) Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 4.13.2 or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. (en) Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.

18 Dec 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-18 21:15

Updated : 2024-12-19 21:15

NVD link : CVE-2024-56145

Mitre link : CVE-2024-56145

CVE.ORG link : CVE-2024-56145

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')