
CVE-2023-41892

Published: 13/09/2023 | Updated: 22/12/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Vulnerable Product

craftcms craft cms

Vendor Advisories

Check Point Reference: CPAI-2023-1448 Date Published: 15 Jan 2024 Severity: Critical ...

Exploits

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14 ...
Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability ...
This module exploits Remote Code Execution vulnerability (CVE-2023-41892) in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the security and integrity ...

Metasploit Modules

Craft CMS unauthenticated Remote Code Execution (RCE)

This module exploits a remote code execution vulnerability (CVE-2023-41892) in Craft CMS, a popular content management system. Craft CMS versions 4.0.0-RC1 through 4.4.14 are affected, allowing attackers to execute arbitrary code remotely and potentially compromise the security and integrity of the application. The vulnerability stems from PHP object creation in the `\craft\controllers\ConditionsController` class, which allows arbitrary PHP code to run by escalating the object creation to call methods available in `\GuzzleHttp\Psr7\FnStream`. Combining this with the Imagick extension and MSL (Magick Scripting Language) yields full RCE. MSL is a built-in ImageMagick language that facilitates reading images, performing image processing tasks, and writing results back to the filesystem. This can be leveraged to create a dummy image containing malicious PHP code using the Imagick constructor class, delivering a webshell that the attacker can access, thereby executing the malicious PHP code and gaining access to the system. As a result, any remote attacker, without authentication, can exploit this vulnerability to gain access to the underlying operating system as the user the web services run as (typically www-data).

msf > use exploit/linux/http/craftcms_unauth_rce_cve_2023_41892
msf exploit(craftcms_unauth_rce_cve_2023_41892) > show targets
    ...targets...
msf exploit(craftcms_unauth_rce_cve_2023_41892) > set TARGET <target-id>
msf exploit(craftcms_unauth_rce_cve_2023_41892) > show options
    ...show and set options...
msf exploit(craftcms_unauth_rce_cve_2023_41892) > exploit

Github Repositories

CVE-2023-41892 - Craft CMS Remote Code Execution (RCE)

CVE-2023-41892 - Craft CMS Remote Code Execution (RCE). References: github.com/advisories/GHSA-4w8r-3xrw-v25g, securityonline.info/craft-cms-fixes-rce-cve-2023-41892-flaw-rated-10-out-of-10-on-severity-scale/, blog.calif.io/p/craftcms-rce

Walkthrough for HTB Surveillance machine

Surveillance. Luca Leukert - Wednesday, 21.03.2024. Nmap: files/www-data/nmap.txt. Using Nmap I saw that the remote machine had 3 open ports: 22/tcp - ssh - 3ubuntu0.4; 80/tcp - http - nginx 1.18.0 (Ubuntu); 8000/tcp - http - SimpleHTTPServer 0.6. Feroxbuster: files/www-data/feroxbuster-scan.json. Feroxbuster found a login page under surveillance.htb/admin/login that us

A Craft CMS vulnerability that allows Remote Code Execution (RCE).

CVE-2023-41892 A Craft CMS vulnerability that allows Remote Code Execution (RCE)

Exploit for CVE-2023-41892

Craft CMS CVE-2023-41892. There is an Unauthenticated Remote Code Execution (RCE) affecting CraftCMS 4.0.0-RC1 - 4.4.14. Usage: python3 craft-cms.py target. Requirements: The exploit makes use of requests. Install it with: python3 -m pip install requests. Acknowledgements: github.com/craftc

CVE-2023-41892 Reverse Shell

This Python script exploits the Remote Code Execution vulnerability (CVE-2023-41892) of the Craft CMS, which is a popular content management system. Versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, like a PHP reverse shell. Usage: First start a netcat listener in another shell: nc -nlvp 1234. Then check