Vulnerability in Craft CMS Allows Remote Code Execution
🛠️ Vulnerability in Craft CMS Exposes Remote Code Execution Risk. A newly discovered vulnerability in Craft CMS, identified as CVE-2024-56145, allows unauthenticated remote code execution because of improper handling of command-line arguments under PHP's default configuration. The issue arises because the CMS does not verify whether it is running in a command-line interface, which lets attackers manipulate query strings to load malicious files. Although the Craft CMS team addressed the vulnerability within 24 hours, developers are advised to make sure their configurations are secure to prevent similar exploits. The incident highlights ongoing security challenges in PHP applications and the need for vigilant coding practices.
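
The missing check described above, as an added PHP example that is not Craft CMS's code: it assumes PHP's `register_argc_argv` setting is on, in which case PHP fills `$_SERVER['argv']` from the query string on web requests. The function names and the `configDir` option are hypothetical, and the sample request is constructed.

```php
<?php
declare(strict_types=1);

/** Parse --key=value options out of an argv-style array (hypothetical helper). */
function parseOptions(array $argv): array
{
    $options = [];
    foreach ($argv as $arg) {
        if (is_string($arg) && preg_match('/^--([A-Za-z][\w-]*)=(.*)$/s', $arg, $m)) {
            $options[$m[1]] = $m[2];
        }
    }
    return $options;
}

/** Unsafe pattern: trusts $_SERVER['argv'] no matter how PHP was invoked. */
function bootstrapOptionsUnsafe(array $server): array
{
    return parseOptions($server['argv'] ?? []);
}

/** Hardened pattern: argv is honoured only when the SAPI really is the CLI. */
function bootstrapOptionsSafe(array $server, string $sapi = PHP_SAPI): array
{
    if ($sapi !== 'cli') {
        return []; // web request: anything in argv came from the URL
    }
    return parseOptions($server['argv'] ?? []);
}

// Constructed sample: $_SERVER as seen on a web request whose query string
// is "--configDir=/tmp/x" while register_argc_argv is enabled.
$webRequest = [
    'QUERY_STRING' => '--configDir=/tmp/x',
    'argv'         => ['--configDir=/tmp/x'],
];
// Constructed sample: a genuine command-line invocation.
$cliRun = ['argv' => ['app', '--configDir=/srv/app/config']];

// Same web request through both code paths, then a real CLI run.
var_dump(bootstrapOptionsUnsafe($webRequest));
var_dump(bootstrapOptionsSafe($webRequest, 'fpm-fcgi'));
var_dump(bootstrapOptionsSafe($cliRun, 'cli'));
```

Setting `register_argc_argv = Off` in `php.ini` for web SAPIs removes the query-string-to-argv mapping altogether and complements the in-code check.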
