Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2024-56145

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14 4.13.2 or 5.5.2. Users unable to upgrade should disable register_argc_argv to mitigate the issue.