Craft CMS - Remote Code Execution CVE-2024-56145
- Severity
- Vulnerability description
Craft CMS is vulnerable to CVE-2024-56145, a Remote Code Execution vulnerability. An unauthenticated remote attacker can run arbitrary code on the target by pointing the templatePath variable at an FTP server under their control and serving a malicious template from it; the application loads and renders that attacker-supplied template (template injection), which yields code execution.
- Risk description
A remote unauthenticated attacker can fully compromise the server and, from there, steal confidential information, install ransomware or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Update Craft CMS to 3.9.14, 4.13.2 or 5.5.2 (or any later release on the same major branch); these are the releases that contain the fix. The vulnerability also requires the PHP setting register_argc_argv to be enabled, so disabling it in php.ini removes the attack precondition on installations that cannot be upgraded immediately.
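The version check below is an added example for this advisory; it is not code from the original page, from the Sniper engine, or from the Craft CMS project. It encodes the fixed releases named in the recommendation (3.9.14, 4.13.2 and 5.5.2) and assumes that every earlier release on the same major branch is affected. Versions on any other major branch, and strings that do not parse, are reported as "unknown" rather than guessed. The hostnames and versions in the sample inventory are constructed.

```python
"""Vulnerability triage for CVE-2024-56145 by Craft CMS version.

Added example for this advisory page, not code from the page itself or from
Craft CMS. Assumptions: the releases in FIXED_RELEASES are the first fixed
release per major branch, and everything below them on that branch is
affected; other major branches are reported as "unknown".
"""
import re

# (major, minor, patch, release_flag); release_flag 1 = final, 0 = pre-release.
FIXED_RELEASES = {
    3: (3, 9, 14, 1),
    4: (4, 13, 2, 1),
    5: (5, 5, 2, 1),
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text):
    """Parse 'x.y.z' or 'x.y.z-<prerelease>' into a comparable tuple.

    A pre-release such as 5.5.2-beta.1 sorts below the final 5.5.2, so it is
    still treated as older than the fix (a common triage mistake).
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Craft CMS version string: {text!r}")
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def assess(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[0])
    if fixed is None:
        # Major branch not covered by the advisory's fixed releases: do not guess.
        return "unknown"
    return "vulnerable" if v < fixed else "fixed"


def triage(inventory):
    """Map {host: version} to {host: status}; unparseable entries are 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "cms-a.example.test": "4.13.1",
    "cms-b.example.test": "4.13.2",
    "cms-c.example.test": "5.5.2-beta.1",
    "cms-d.example.test": "3.9.14",
    "cms-e.example.test": "2.9.0",
    "cms-f.example.test": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A version check only tells you whether the installed release carries the fix; it does not confirm exposure. Pair it with a check that register_argc_argv is actually enabled before treating a host as exploitable.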
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Exploitable with Sniper
- Yes
- CVE Published
- Dec 18, 2024
- Detection added at
- Software Type
- Content Management System
- Vendor
- CraftCMS
- Product
- Craft CMS