CVE-2024-56145

Name of the Vulnerable Software and Affected Versions Craft CMS versions 3.9.14, 4.13.2, and 5.5.2

Description Craft CMS is susceptible to a remote code execution issue. This affects users whose php.ini configuration has register argc argv enabled. An unspecified remote code execution vector is present for these users. Approximately 150,000 sites created with Craft CMS are estimated to be affected. The vulnerability allows an attacker to pass code in place of CLI arguments, potentially gaining remote code execution. Exploitation has been demonstrated publicly, and a proof-of-concept (PoC) exploit is available.

Recommendations Update to version 3.9.14. Update to version 4.13.2. Update to version 5.5.2. If an upgrade is not possible, disable the register argc argv setting in your php.ini configuration to mitigate the issue.