CNVD-2024-49205 — Vulnetix

CNVD-2024-49205 PUBLISHED

Craft CMS是一个用户友好的、基于Web的内容管理系统，适用于创建和管理网站内容。 Craft CMS存在安全漏洞，该漏洞是由于开启了PHP配置中的register_argc_argv，攻击者可利用该漏洞通过构造恶意请求利用模版注入，执行任意代码，控制服务器。

Exploit Intelligence

A POC lab environment for CVE-2024-56145 CraftCMS RCE. (github-poc-repo)
A POC lab environment for CVE-2024-56145 CraftCMS RCE. (github-poc-repo)
A POC lab environment for CVE-2024-56145 CraftCMS RCE. (github-poc)
A POC lab environment for CVE-2024-56145 CraftCMS RCE. (github-poc)
CVE-2024-56145 SSTI to RCE - twig templates (github-poc)
CVE-2024-56145 SSTI to RCE - twig templates (github-poc)
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled (github-poc)
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled (github-poc)
data_v2.json (github-poc)
kev.json (github-poc)

…and 12 more exploits

Timeline

Dec 18, 2024 CVE Published

Open in Interactive Console →

$ Console Community · 100/wk Open console ›