CVE-2024-56145— RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.

N/A

对生成代码的控制不恰当(代码注入)

Craft CMS 代码注入漏洞

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-RC1版本至5.5.2之前版本和4.0.0-RC版本至4.13.2之前版本存在代码注入漏洞，该漏洞源于php.ini配置的register_argc_argv选项被启用时，会出现未指定的远程代码执行向量。

N/A

N/A