CVE-2023-41892

Description

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-41892
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GitHub, Inc.
Severity: CRITICAL
CVE ID: CVE-2023-41892
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-41892
zaenhaxor

CVE-2023-41892 - Craft CMS Remote Code Execution (RCE)

Reference: GitHub

Faelian

Exploit for CVE-2023-41892

Reference: GitHub

diegaccio

CVE-2023-41892 Reverse Shell

Reference: GitHub

acesoyeo

A Craft CMS vulnerability that allows Remote Code Execution (RCE).

Reference: GitHub