Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2024-56145 - Vulnerability Database

Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2024-56145

Critical
Reference: CVE-2024-56145
Title: Craft CMS Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14 4.13.2 or 5.5.2. Users unable to upgrade should disable register_argc_argv to mitigate the issue.