CVE-2023-41892 CRITICAL

CVE-2023-41892: Craft CMS Remote Code Execution vulnerability

Vendor Craftcms
Product cms
Weakness CWE-94 · Code injection
Published September 13, 2023
Last update February 13, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01 Description

Craft CMS is a platform for creating digital experiences. This remote code execution vulnerability is a high-impact, low-complexity attack vector. The issue has been fixed in Craft CMS 4.4.15; users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate it.

Key dates

02 Disclosure timeline

September 13, 2023 CVE published
February 13, 2025 Record updated