CVE-2024-56145 Scanner

CVE-2024-56145 Scanner - Remote Code Execution vulnerability in Craft CMS

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 18 hours
Scan only one: Domain, IPv4
Toolbox: -

Craft CMS is a highly versatile content management system used by developers and organizations for creating and managing websites and digital content. It provides extensive customization options through templates and integrations, making it a popular choice for both small businesses and enterprise-level applications. Craft CMS is designed to offer flexibility and ease of use for web developers and content creators alike.

The Remote Code Execution (RCE) vulnerability in Craft CMS arises from improper handling of the `--templatesPath` query parameter. An attacker can set this parameter to point at attacker-controlled Twig templates, which the application then renders, resulting in arbitrary code execution. The issue is rated critical and affects multiple release branches of the software.

This vulnerability exists in all Craft CMS versions prior to 5.5.2, 4.13.2, and 3.9.14. Exploitation involves a specially crafted request that sets the `--templatesPath` parameter, which can cause malicious template code to be included and executed on the server. No prior authentication is required.

Successful exploitation allows attackers to execute arbitrary commands on the server and potentially take full control of the system. This could result in data theft, unauthorized access, or further compromise of the underlying infrastructure, so it poses a significant risk to affected systems.
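Two checks a defender can run from the facts above, as an added example (not part of this page or of the scanner product): classify an installed Craft CMS version against the fixed releases 5.5.2, 4.13.2 and 3.9.14, and flag web-server access-log requests whose query string carries `--templatesPath`. The log lines are constructed samples, and the log format is assumed to be the common/combined format.

```python
import re
from urllib.parse import urlsplit, unquote

# First fixed release per Craft CMS major branch, as stated on this page.
FIXED_VERSIONS = {3: (3, 9, 14), 4: (4, 13, 2), 5: (5, 5, 2)}

def parse_version(text):
    """Turn '5.5.1' (or '5.5.1-beta') into a comparable 3-tuple of ints."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text)[:3])
    return parts + (0,) * (3 - len(parts))

def is_affected(version):
    """True if the version is below its branch's fix; None for branches
    this page does not cover (check the vendor advisory for those)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed

# Matches the request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return request targets whose (URL-decoded) query string mentions
    --templatesPath; the decode catches %2D / %3D style encodings."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = unquote(urlsplit(m.group("target")).query)
        if "--templatespath" in query.lower():
            hits.append(m.group("target"))
    return hits

# Constructed sample log lines (not real traffic); addresses are RFC 5737 test ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /index.php?p=admin HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2025:10:00:02 +0000] "GET /index.php?--templatesPath=x HTTP/1.1" 200 88',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /index.php?%2D%2DtemplatesPath%3Dx HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print("5.5.1 affected:", is_affected("5.5.1"))
    print("flagged:", suspicious_requests(SAMPLE_LOG))
```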
