Home > Vulnerability Database > CVE-2023-41892

Mend.io Vulnerability Database

CVE-2023-41892

Date: September 13, 2023

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Language: PHP

Severity Score

10.0

Related Resources (10)

Url: https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e

Url: https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857

Url: https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41892

Url: https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1

Url: http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html

Url: https://github.com/craftcms/cms

Url: https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g

Url: https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical

Url: https://www.mend.io/vulnerability-database/CVE-2023-41892

Severity Score

10.0

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41892

Date: September 13, 2023

Language: PHP

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?