Craft CMS register_argc_argv RCE (CVE-2024-56145)
Description
Craft CMS is vulnerable to unauthenticated remote code execution when the PHP configuration option register_argc_argv is enabled. This PHP setting, intended for command-line usage, exposes the $_SERVER['argv'] array to web requests. Attackers can exploit this by injecting malicious command-line arguments through HTTP requests, which Craft CMS may process as legitimate input, leading to arbitrary code execution on the server.
Remediation
Take the following steps to remediate this vulnerability:
1. Immediate Mitigation: Disable the register_argc_argv setting in your php.ini configuration file by setting it to Off:
    register_argc_argv = Off
After making this change, restart your web server (Apache, Nginx, PHP-FPM, etc.) for the changes to take effect.
2. Upgrade Craft CMS: Update to Craft CMS version 5.4.9, 5.5.6, or later, which includes patches to prevent exploitation even when register_argc_argv is enabled.
3. Verification: Confirm the setting is disabled by creating a phpinfo() page or running:
    php -i | grep register_argc_argv
The output should show register_argc_argv => Off.
4. Security Review: Audit server logs for any suspicious activity or unauthorized access attempts that may have occurred before remediation.
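
The following shell helper for steps 1 and 3 is an added example, not part of the original advisory. It resolves the effective register_argc_argv value from the ini files that the web server's PHP loads, which is useful because php -i reports the CLI's configuration and that can differ from the web SAPI's. The function names argv_setting and argv_exposed and the file paths passed as arguments are assumptions for illustration; an absent directive is treated as exposed because PHP's compiled-in default for it is On.

```shell
#!/bin/sh
# Added example (not from the advisory): resolve register_argc_argv from ini files.

# Print "on", "off" or "unset" for the files given in load order
# (php.ini first, then any conf.d/*.ini); the last active line wins.
argv_setting() {
    awk '
        /^[ \t]*;/ { next }                      # commented-out directive
        /^[ \t]*register_argc_argv[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)                # keep the value only
            sub(/;.*$/, "", v)                   # strip trailing comment
            gsub(/[ \t\r"]/, "", v)              # strip blanks, CR, quotes
            v = tolower(v); seen = 1
            # PHP treats on/true/yes or a non-zero number as enabled
            state = (v ~ /^(on|true|yes)$/ || (v + 0) != 0) ? "on" : "off"
        }
        END { print (seen ? state : "unset") }
    ' "$@"
}

# Exit 0 when argv is exposed to web requests: explicitly On, or never set,
# because the compiled-in default of this directive is On.
argv_exposed() {
    [ "$(argv_setting "$@")" != "off" ]
}

# Usage: sh check_argv.sh /path/to/php.ini [/path/to/conf.d/*.ini]
if [ "$#" -gt 0 ]; then
    if argv_exposed "$@"; then
        echo "EXPOSED: register_argc_argv is $(argv_setting "$@")"
    else
        echo "OK: register_argc_argv is off"
    fi
fi
```

Per-pool overrides such as PHP-FPM's php_admin_flag entries are not read by this helper and need a separate check.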