Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-46731 PoC — Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

Source
https://github.com/singetu0096/CVE-2025-46731
Associated Vulnerability
Title:Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI (CVE-2025-46731)
Description:Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue.
Readme
# CVE-2025-46731
See [report.md](report.md).
File Snapshot

 [4.0K]  /data/pocs/8a87a2c479ffb4b3353e1a8fc034eb2fa711552f
├── [257K]  1239.png
├── [292K]  1240.png
├── [231K]  1244.png
├── [226K]  1249.png
├── [223K]  1250.png
├── [270K]  1251.png
├── [  45]  README.md
└── [3.0K]  report.md

0 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →