PT-2023-5849 · Craft Cms · Craft Cms

Zonia3000 · Published 2023-09-13 · Updated 2025-12-26 · CVE-2023-41892

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Craft CMS versions prior to 4.4.15

Description
This is a high-impact, low-complexity attack vector. Craft CMS is a platform for creating digital experiences. The issue stems from improper control of code generation (code injection), which can allow a remote attacker to execute arbitrary code. About 1,299 results were found using the ZoomEye dork app:"Craft CMS".

Recommendations
To mitigate the issue, update to at least Craft CMS version 4.4.15. Additionally, refresh your security key by running the php craft setup/security-key command and update the CRAFT_SECURITY_KEY environment variable in all production environments. Consider refreshing other private keys stored in environment variables. As a precaution, force all users to reset their passwords by running php craft resave/users --set passwordResetRequired --to "fn() => true".
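The following script is an added example (not part of the advisory or the Craft CMS project) that turns the recommendations above into a repeatable check: it reads the installed craftcms/cms version from a project's composer.lock, compares it against the fixed release 4.4.15, and prints the remediation commands the advisory lists when the installed version is affected. The composer.lock layout it parses and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: flag a Craft CMS install that is still below the 4.4.15 fix
# for CVE-2023-41892 and print the advisory's remediation steps.
# Usage: sh craft_check.sh /path/to/project/composer.lock

FIXED_VERSION="4.4.15"   # first release named as fixed in the advisory

# Returns 0 (true) when dotted version $1 sorts strictly before $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0;   # missing components count as 0
            y = (i <= nb) ? pb[i] + 0 : 0;
            if (x < y) exit 0;
            if (x > y) exit 1;
        }
        exit 1;   # equal versions are not "less than"
    }'
}

# Returns 0 when the given craftcms/cms version is affected (prior to 4.4.15).
craft_is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Extracts the craftcms/cms version from a composer.lock file.
# Assumption: the "version" line follows the "name": "craftcms/cms" entry
# (the standard composer.lock layout); a leading "v" is stripped if present.
craft_version_from_lock() {
    awk '/"name": "craftcms\/cms"/ { found = 1; next }
         found && /"version":/ { gsub(/[",]/, ""); sub(/^v/, "", $2); print $2; exit }' "$1"
}

# Checks one composer.lock; exit 0 = patched, 1 = affected, 2 = could not determine.
main() {
    lock="$1"
    [ -f "$lock" ] || { echo "no composer.lock at '$lock'" >&2; return 2; }
    v=$(craft_version_from_lock "$lock")
    [ -n "$v" ] || { echo "craftcms/cms not found in $lock" >&2; return 2; }
    if craft_is_affected "$v"; then
        echo "craftcms/cms $v is affected by CVE-2023-41892; remediate:"
        echo "  composer update craftcms/cms        # to >= $FIXED_VERSION"
        echo "  php craft setup/security-key        # then set CRAFT_SECURITY_KEY in every production environment"
        echo "  php craft resave/users --set passwordResetRequired --to \"fn() => true\""
        return 1
    fi
    echo "craftcms/cms $v is at or above $FIXED_VERSION"
    return 0
}

# Run only when a lock-file path is given, so the functions can also be sourced.
[ $# -eq 0 ] || main "$@"
```

The exit code makes the check usable in CI or a fleet inventory job; the key rotation and forced password reset are printed rather than executed because both are disruptive and the advisory leaves them as operator decisions.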

Exploit

Fix

Code Injection

Special Elements Injection

Improper Neutralization

Weakness Enumeration

Related Identifiers

BDU:2023-06536
CVE-2023-41892
GHSA-4W8R-3XRW-V25G

Affected Products

Craft Cms