WEB APPLICATION VULNERABILITIES Standard & Premium

Craft CMS RCE (CVE-2023-41892)

Description

Acunetix determined that the Craft CMS is vulnerable to remote code execution.

Remediation

Upgrade to the latest version of Craft CMS

References

Craft CMS Remote Code Execution vulnerability

Related Vulnerabilities

Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

WordPress Plugin File Manager Remote Code Execution (4.5)

Horde remote code execution

vBulletin 5.x 0day pre-auth RCE

Severity

Critical

Classification

CVE-2023-41892 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Tags

Code Execution