CVE-2023-41892 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-41892?

CVE-2023-41892 is a critical vulnerability affecting Craft CMS, a platform for creating digital experiences. It has a severity score of 9.8 to 10.0, indicating a high level of risk. The vulnerability impacts systems running Craft CMS versions from 4.4.0 up to, but not including, 4.4.15, and users are advised to update their installations to at least version 4.4.15 to mitigate the problem. It allows attackers to execute arbitrary code on affected systems.

Who is impacted by this?

CVE-2023-41892 affects users running Craft CMS installations before version 4.4.15, specifically versions from 4.4.0 up to 4.4.14. It is a high-impact, low-complexity vulnerability that allows attackers to execute arbitrary code on affected systems.

What to do if CVE-2023-41892 affected you

If you're affected by the CVE-2023-41892 vulnerability, it's crucial to take immediate action. Update your Craft CMS installation to at least version 4.4.15, which contains patches for the vulnerability. Additionally, review logs and system configurations for signs of compromise or unauthorized access. If you suspect a breach, conduct a thorough investigation and remediation process to secure your system.
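One way to check whether a project's locked Craft CMS version falls in the range given on this page, as an added example (not Twingate's or Craft CMS's code). It assumes the install is managed by Composer, so the version is recorded for the `craftcms/cms` package in `composer.lock`; the function names and sample lock files are constructed for illustration.

```python
import json
import re

# Range as stated on this page: 4.4.0 up to 4.4.14 affected, fixed in 4.4.15.
FIRST_AFFECTED = (4, 4, 0)
FIRST_FIXED = (4, 4, 15)


def parse_version(version):
    """Turn '4.4.14', 'v4.4.14' or '4.4.0-beta.1' into a (major, minor, patch) tuple.

    Pre-release suffixes are ignored, so a pre-release of an affected
    version is conservatively treated as affected.
    """
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def craft_version(lock_text):
    """Return the locked craftcms/cms version from composer.lock text, or None."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for package in lock.get(section) or []:
            if package.get("name") == "craftcms/cms":
                return package.get("version")
    return None


def assess(lock_text):
    """Classify a composer.lock as 'not-installed', 'affected' or 'outside-range'."""
    version = craft_version(lock_text)
    if version is None:
        return "not-installed"
    if FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED:
        return "affected"
    return "outside-range"


# Constructed sample lock files (not taken from a real project).
SAMPLE_AFFECTED = json.dumps({"packages": [
    {"name": "yiisoft/yii2", "version": "2.0.48"},
    {"name": "craftcms/cms", "version": "4.4.14"},
]})
SAMPLE_PATCHED = json.dumps({"packages": [{"name": "craftcms/cms", "version": "4.4.15"}]})

if __name__ == "__main__":
    for label, text in (("affected", SAMPLE_AFFECTED), ("patched", SAMPLE_PATCHED)):
        print(label, craft_version(text), assess(text))
```

To check a real project, pass the contents of its `composer.lock` to `assess()`; an `outside-range` result only means the version is not in the range this page lists.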

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-41892 vulnerability in Craft CMS is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

This vulnerability is categorized as CWE-94, which involves improper control of code generation, leading to code injection.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
