CVE-2023-41892 — Craft CMS Remote Code Execution vulnerability

CVSS 10.0 · Critical EPSS 93.75% · P100

I. Basic Information for CVE-2023-41892

Vulnerability Information

Vulnerability Title
Craft CMS Remote Code Execution vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Control of Generation of Code ('Code Injection')
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pixel&tonic Craft CMS Code Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
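Pixel&tonic Craft CMS is a content management system (CMS) from the US company Pixel&tonic. Versions of Pixel&tonic Craft CMS before 4.4.15 contain a code injection vulnerability, which stems from a remote code execution vulnerability.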
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| craftcms | cms | >= 4.0.0-RC1, <= 4.4.14 | - |

II. Public POCs for CVE-2023-41892

| # | POC Description | Source Link |
|---|---|---|
| 1 | CVE-2023-41892 - Craft CMS Remote Code Execution (RCE) | https://github.com/zaenhaxor/CVE-2023-41892 |
| 2 | Exploit for CVE-2023-41892 | https://github.com/Faelian/CraftCMS_CVE-2023-41892 |
| 3 | CVE-2023-41892 Reverse Shell | https://github.com/diegaccio/Craft-CMS-Exploit |
| 4 | A Craft CMS vulnerability that allows Remote Code Execution (RCE). | https://github.com/acesoyeo/CVE-2023-41892 |
| 5 | Exploit for CVE-2023-41892 | https://github.com/0xfalafel/CraftCMS_CVE-2023-41892 |
| 6 | None | https://github.com/CERTologists/HTTP-Request-for-PHP-object-injection-attack-on-CVE-2023-41892 |
| 7 | Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-41892.yaml |
| 8 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CraftCMS%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-41892.md |
| 9 | | https://github.com/vulhub/vulhub/blob/master/craftcms/CVE-2023-41892/README.md |
| 10 | Customized this for my own use | https://github.com/user01-1/CVE-2023-41892_poc |
III. Intelligence Information for CVE-2023-41892

IV. Related Vulnerabilities

V. Comments for CVE-2023-41892

Anonymous User
2025-08-25 09:40:13

katana