
CVE-2024-56145: CWE-94: Improper Control of Generation of Code ('Code Injection') in craftcms cms

Critical
Tags: Vulnerability, CVE-2024-56145, cve, cwe-94
Published: Wed Dec 18 2024 (12/18/2024, 20:37:34 UTC)
Source: CVE Database V5
Vendor/Project: craftcms
Product: cms

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.

AI-Powered Analysis

AI analysis last updated: 07/08/2025, 12:43:05 UTC

Technical Analysis

CVE-2024-56145 is a critical remote code execution (RCE) vulnerability affecting multiple versions of the Craft CMS, a popular content management system used for building custom digital experiences. The vulnerability arises due to improper control of code generation, classified under CWE-94 (Improper Control of Generation of Code). Specifically, the issue manifests when the PHP configuration directive `register_argc_argv` is enabled in the php.ini file. This setting allows PHP scripts to access command-line arguments, which in this context can be exploited by an attacker to inject and execute arbitrary code remotely without any authentication or user interaction. The affected versions include Craft CMS versions from 3.0.0 up to but not including 3.9.14, versions from 4.0.0-RC1 up to but not including 4.13.2, and versions from 5.0.0-RC1 up to but not including 5.5.2. The vulnerability has a CVSS 4.0 base score of 9.3, indicating a critical severity level. The attack vector is network-based with low attack complexity, no privileges or user interaction required, and results in high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the potential for exploitation is significant given the nature of the vulnerability and the ease of exploitation. The recommended remediation is to upgrade Craft CMS to versions 3.9.14, 4.13.2, or 5.5.2, which contain the fix. For users unable to upgrade immediately, disabling the `register_argc_argv` directive in PHP configuration serves as a mitigating control to prevent exploitation. This vulnerability poses a severe risk as it could allow attackers to fully compromise affected web servers, leading to data breaches, defacement, or use of the compromised server as a pivot point for further attacks.

Potential Impact

For European organizations using Craft CMS, this vulnerability represents a critical threat to their web infrastructure. Successful exploitation could lead to complete system compromise, allowing attackers to execute arbitrary code remotely. This could result in unauthorized data access, data manipulation, service disruption, or deployment of malware such as ransomware. Given the widespread use of CMS platforms in Europe for government, healthcare, finance, and e-commerce sectors, the impact could be severe, including regulatory non-compliance (e.g., GDPR violations), financial losses, reputational damage, and operational downtime. The fact that no authentication or user interaction is required increases the risk of automated exploitation campaigns targeting vulnerable Craft CMS instances. Organizations with publicly accessible Craft CMS installations are particularly at risk. Additionally, the vulnerability could be leveraged to establish persistent backdoors or launch further attacks within corporate networks, amplifying the potential damage.

Mitigation Recommendations

1. Immediate upgrade of Craft CMS to the fixed versions: 3.9.14, 4.13.2, or 5.5.2. This is the most effective and recommended mitigation.
2. For organizations unable to upgrade promptly, disable the `register_argc_argv` directive in the PHP configuration (php.ini) to prevent the vulnerability from being exploitable. This can be done by setting `register_argc_argv = Off` and restarting the web server.
3. Conduct a thorough inventory of all Craft CMS instances within the organization to identify vulnerable versions.
4. Implement network-level protections such as web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting code injection vectors.
5. Monitor logs and network traffic for unusual activity indicative of exploitation attempts, including unexpected command-line argument usage or anomalous PHP execution patterns.
6. Employ strict access controls and segmentation to limit the exposure of CMS servers to the internet and internal networks.
7. Regularly back up CMS data and configurations to enable rapid recovery in case of compromise.
8. Educate development and operations teams about the risks associated with PHP configuration settings and the importance of timely patching.
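The inventory and configuration steps above can be scripted. The following is an added example (not code from Craft CMS or from the advisory) that classifies an instance as patched, mitigated or vulnerable from its Craft version string and the text of the php.ini that its web SAPI loads; the fixed-version boundaries are the ones stated in this advisory, and the assumption that an absent `register_argc_argv` directive means the setting is On follows PHP's documented built-in default.

```python
import re

# Fixed releases per the advisory: everything below these in each branch is affected.
FIXED = {3: (3, 9, 14), 4: (4, 13, 2), 5: (5, 5, 2)}


def parse_version(version):
    """Turn '4.13.1' or '5.0.0-RC1' into a comparable tuple of ints.
    Pre-release suffixes are dropped, so 4.0.0-RC1 compares as 4.0.0
    (the advisory lists the RC releases as the start of the affected range)."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def craft_is_affected(version):
    parts = parse_version(version)
    fixed = FIXED.get(parts[0])
    if fixed is None:
        return False  # branch not listed as affected by this advisory
    return parts < fixed


def register_argc_argv_enabled(ini_text):
    """Evaluate the directive the way PHP does: comments (';') are ignored,
    the last assignment wins, and Off/0/false/no/empty disable it."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        match = re.match(r"register_argc_argv\s*=\s*(.*)$", line, re.IGNORECASE)
        if match:
            value = match.group(1).strip().strip('"').lower()
    if value is None:
        return True  # assumption: PHP's built-in default is On when unset
    return value not in ("off", "0", "false", "no", "none", "")


def assess(craft_version, ini_text):
    """Return 'patched', 'mitigated' or 'vulnerable' for one instance."""
    if not craft_is_affected(craft_version):
        return "patched"
    if not register_argc_argv_enabled(ini_text):
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample php.ini fragment: a commented-out On, then an explicit Off.
    sample_ini = "; register_argc_argv = On\nregister_argc_argv = Off\n"
    print(assess("5.5.1", sample_ini))    # prints "mitigated"
    print(assess("4.13.1", ""))           # prints "vulnerable"
```

Feed it the php.ini that the web SAPI (PHP-FPM or mod_php) actually loads, not the CLI's, since the two commonly use different files and the CLI SAPI forces the directive on regardless.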


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2024-12-16T18:04:39.983Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6839b29a182aa0cae2b1bcf1

Added to database: 5/30/2025, 1:28:58 PM

Last enriched: 7/8/2025, 12:43:05 PM

Last updated: 8/11/2025, 9:02:04 PM
