CVE-2023-40035: Injection in Craft CMS

Severity: 7.2 HIGH (NVD)
EPSS: 0.3% (top 48.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 23; latest update Nov 13

Description

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltration. Although the vulnerability is exploitable only by authenticated users in a configuration with ALLOW_ADMIN_CHANGES=true, it still poses a potential security threat (remote code execution). This issue has been patched in version 4.4.15 and version

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (3 packages)

Source      Package               Affected from   Fixed in   More ranges
Packagist   craftcms/cms          4.0.0-RC1       4.4.15     +3
NVD         craftcms/craft_cms    3.0.0           3.8.15     +5
CVEListV5   craftcms/cms          6 versions                 +5

Patches

Vulnerability Details (6)

- OSV: Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI (2024-11-13)
- CVEList: Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI (2024-11-13)
- GHSA: Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI (2024-11-13)
- CVEList: Craft CMS vulnerable to Remote Code Execution via validatePath bypass (2023-08-23)
- GHSA: Craft CMS vulnerable to Remote Code Execution via validatePath bypass (2023-08-21)