CVE-2024-56145 Information

Description

Craft is a flexible user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 4.13.2 or 5.5.2. Users unable to upgrade should disable register_argc_argv to mitigate the issue.

Reference

https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3 https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9