Remote Code Execution Vulnerability in Craft CMS for Specific PHP Configurations
CVE-2024-56145
Key Information:
- Vendor: Craftcms
- Product: Cms
- CVE Published: 18 December 2024
What is CVE-2024-56145?
CVE-2024-56145 is a critical vulnerability in Craft CMS, a widely used content management system (CMS) known for its flexibility and ease of use in creating customized digital experiences. The vulnerability depends on a PHP environment setting: it applies when the register_argc_argv directive is enabled in the php.ini configuration file. Under that condition it allows remote code execution, posing a serious threat to organizations running Craft CMS that have not configured their systems securely. Unauthorized code execution can lead to significant disruptions, data breaches, and compromise of sensitive information.
Technical Details
The vulnerability is triggered when an affected version of Craft CMS runs with the register_argc_argv setting enabled in the PHP configuration. This configuration flaw opens a remote code execution vector that malicious actors can exploit. Because specific versions of Craft CMS are affected, users relying on the software for their web presence should act promptly. To address the issue, users are encouraged to upgrade to the patched versions 3.9.14, 4.13.2, or 5.5.2. For those unable to upgrade promptly, disabling the register_argc_argv directive is the recommended mitigation.
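As an added example (not from the advisory, Assetnote, or the Craft CMS project), the following Python check reads a composer.lock and a php.ini and reports whether both conditions named above hold: an affected Craft version and register_argc_argv enabled. The sample lock and ini contents are constructed; the version ordering treats a pre-release such as 4.0.0-RC1 as earlier than 4.0.0, matching the advisory's affected ranges, and an absent directive is treated as enabled because PHP's built-in default for it is 1.

```python
import json
import re

# Affected ranges [lo, hi) taken from the advisory's Affected Version(s) section.
AFFECTED_RANGES = [("3.0.0", "3.9.14"), ("4.0.0-RC1", "4.13.2"), ("5.0.0-RC1", "5.5.2")]

# Constructed samples (not from a real install): a vulnerable pin and a php.ini
# whose production "Off" line was later overridden by a duplicate directive.
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "4.13.1"}]}'
SAMPLE_INI = "register_argc_argv = Off\n; added later\nregister_argc_argv = On\n"


def parse_version(text):
    """'4.0.0-RC1' -> (4, 0, 0, (0, 'rc', 1)); a final release sorts after
    every pre-release of the same number, so 4.0.0-RC1 < 4.0.0."""
    core, _, pre = text.lstrip("v").partition("-")
    nums = [int(x) for x in core.split(".")] + [0, 0, 0]
    if not pre:
        return (*nums[:3], (1,))
    m = re.match(r"([A-Za-z]+)\.?(\d*)$", pre)
    return (*nums[:3], (0, m.group(1).lower(), int(m.group(2) or 0)))

def version_is_affected(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)

def register_argc_argv_enabled(ini_text):
    """Last occurrence wins, as in PHP. If the directive is absent, PHP's
    built-in default is 1, so it counts as enabled."""
    value = "1"
    for line in ini_text.splitlines():
        m = re.match(r'\s*register_argc_argv\s*=\s*"?([^"\s;]*)', line)
        if m:
            value = m.group(1)
    return value.lower() in ("1", "on", "yes", "true")

def craft_version_from_lock(lock_text):
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg["version"]
    return None

def exposed(lock_text, ini_text):
    """Exploitable only when an affected Craft version runs with the directive on."""
    version = craft_version_from_lock(lock_text)
    return bool(version) and version_is_affected(version) and register_argc_argv_enabled(ini_text)

if __name__ == "__main__":
    print("exposed:", exposed(SAMPLE_LOCK, SAMPLE_INI))
```

Run it against the real composer.lock and the php.ini actually loaded by the web SAPI (php --ini shows which), since a CLI-only ini can differ from the one the web server uses.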
Potential impact of CVE-2024-56145
- Remote Code Execution: The most significant impact is the ability for attackers to execute arbitrary code remotely, which could lead to complete system compromise, allowing unauthorized access to sensitive data.
- Data Breaches: Exploitation of this vulnerability can facilitate data breaches as attackers gain control over the CMS, potentially accessing confidential user information, intellectual property, and other critical organizational data.
- Operational Disruption: By exploiting this vulnerability, attackers could disrupt the services provided by Craft CMS, leading to website downtime, loss of revenue, and damage to an organization's reputation due to compromised digital infrastructure.
Affected Version(s)
cms >= 4.0.0-RC1, < 4.13.2 (unaffected: < 4.0.0-RC1; fixed in 4.13.2)
cms >= 5.0.0-RC1, < 5.5.2 (unaffected: < 5.0.0-RC1; fixed in 5.5.2)
cms >= 3.0.0, < 3.9.14 (unaffected: < 3.0.0; fixed in 3.9.14)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles

Critical PHP Zero-Day Vulnerability in Craft CMS Lets Hackers Gain Remote Access
A significant security vulnerability in Craft CMS, one of the most widely used PHP-based content management systems, has been uncovered, allowing unauthenticated remote code execution (RCE) under default configurations.

Assetnote Researchers Discover Zero-Day (CVE-2024-56145) in Craft CMS
Assetnote BRISBANE, AUSTRALIA, December 20, 2024 /EINPresswire.com/ -- A critical security vulnerability has been discovered by Assetnote in Craft CMS that could allow unauthenticated attackers to execute arbitrary code on affected systems. Craft CMS is one of the world's most popular content manage...
EPSS Score
91% chance of being exploited in the next 30 days.
Timeline
- Vulnerability reached the number 1 worldwide trending spot
- Public PoC available
- Exploit known to exist
- First article discovered by InformNNY.com
- Vulnerability started trending
- Vulnerability published