Craft · Craft · CVE-2025-54417
**Name of the Vulnerable Software and Affected Versions**
Craft versions 4.13.8 through 4.16.2
Craft versions 5.5.8 through 5.8.3
**Description**
Craft is a platform for creating digital experiences. The affected versions contain a flaw that lets an attacker bypass security measures and potentially achieve remote code execution (RCE). Exploitation has two preconditions: the attacker must hold a compromised security key and must be able to create an arbitrary file in Craft's `/storage/backups` folder. With those in place, a malicious request to the `/updater/restore-db` endpoint allows CLI commands to be executed remotely.
**Recommendations**
Upgrade Craft 4.x installations to version 4.16.3 or later (versions prior to 4.16.3 are affected).
Upgrade Craft 5.x installations to version 5.8.4 or later (versions prior to 5.8.4 are affected).
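As an added defender-side example (not code from the advisory or from the Craft project), the following Python script covers the two checks a practitioner would want from the text above: whether a given Craft version falls inside the affected ranges listed in this advisory (and which fixed release applies), and whether web-server access logs contain requests to the `updater/restore-db` action, which should be reviewed alongside any unexpected files appearing in `/storage/backups`. The log lines are constructed samples in combined log format; because the URL prefix under which Craft exposes controller actions depends on site configuration, the scanner matches the `updater/restore-db` segment anywhere in the decoded request target (an assumption made here rather than something the advisory states).

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Affected ranges taken from the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ((4, 13, 8), (4, 16, 2)),
    ((5, 5, 8), (5, 8, 3)),
]
# First fixed release per major version, from the advisory's recommendations.
FIXED_VERSIONS = {4: "4.16.3", 5: "5.8.4"}


def parse_version(version: str) -> tuple:
    """Turn '4.16.2' (or '4.16.2-beta.1') into a comparable tuple of ints."""
    numeric = version.split("-", 1)[0]
    return tuple(int(part) for part in numeric.split("."))


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def fixed_version_for(version: str):
    """Return the first fixed release for this version's major line, if known."""
    return FIXED_VERSIONS.get(parse_version(version)[0])


# Combined/common log format: client, identity, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# The action named in the advisory. Matched as a substring of the decoded request
# target because the admin/action URL prefix varies per site (assumption).
SENSITIVE_ACTION = "updater/restore-db"


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    target: str
    status: int


def find_restore_db_requests(lines):
    """Return every parsed log entry whose request target names the restore-db action."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        target = unquote(m.group("target"))
        if SENSITIVE_ACTION in target.lower():
            hits.append(Hit(m.group("ip"), m.group("ts"), m.group("method"),
                            target, int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic); two of them hit the action.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Aug/2025:12:00:01 +0000] "GET /admin/dashboard HTTP/1.1" 200 5120',
    '203.0.113.10 - - [10/Aug/2025:12:00:05 +0000] "POST /admin/updater/restore-db HTTP/1.1" 200 312',
    '198.51.100.7 - - [10/Aug/2025:12:01:00 +0000] "GET /index.php?p=admin/entries HTTP/1.1" 200 8901',
    '198.51.100.7 - - [10/Aug/2025:12:01:30 +0000] "POST /index.php?action=updater%2Frestore-db HTTP/1.1" 403 0',
    '192.0.2.44 - - [10/Aug/2025:12:02:00 +0000] "GET /blog/restore-database-tips HTTP/1.1" 200 4421',
]


if __name__ == "__main__":
    for version in ("4.13.7", "4.15.0", "4.16.3", "5.8.3", "5.8.4"):
        status = "AFFECTED" if is_affected(version) else "not affected"
        print(f"Craft {version}: {status}; fixed in {fixed_version_for(version)}")
    for hit in find_restore_db_requests(SAMPLE_LOG):
        print(f"review: {hit.ip} {hit.method} {hit.target} -> {hit.status} at {hit.ts}")
```

A 403 on the action is still worth reviewing: the advisory's preconditions mean a request that reaches this endpoint at all implies someone is probing it, and a successful one (2xx) from an unexpected client, paired with a new file in `/storage/backups`, is the pattern to escalate. If the security key is suspected to be compromised, rotating it removes one of the two preconditions even before the upgrade is applied.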