1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Craft CMS Code Injection Vulnerability

Known Exploited Vulnerabilities CVE-2024-56145

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-56145 Craft CMS Code Injection Vulnerability exploitation_technique T1055 Process Injection
Comments
This vulnerability, which is dependent on the PHP configuration setting, "register_argc_argv" being enabled, can allow an attacker to craft a malicious HTTP request that CMS can process as legitimate, leading to remote code execution and, potentially, full system compromise.
References
  1. https://github.com/Chocapikk/CVE-2024-56145
CVE-2024-56145 Craft CMS Code Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability, which is dependent on the PHP configuration setting, "register_argc_argv" being enabled, can allow an attacker to craft a malicious HTTP request that CMS can process as legitimate, leading to remote code execution and, potentially, full system compromise.
References
  1. https://github.com/Chocapikk/CVE-2024-56145