Home > Vulnerability Database > CVE-2023-41892

Mend Vulnerability Database

CVE-2023-41892

Good to know:

Date: September 13, 2023

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Language: PHP

Severity Score

9.8

Related Resources (5)

Url: https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857

Url: https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e

Url: https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41892

Url: https://www.mend.io/vulnerability-database/CVE-2023-41892

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Top Fix

Upgrade Version

Upgrade to version 4.4.15

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend Vulnerability Database

We found results for “”

CVE-2023-41892

Good to know:

Date: September 13, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?