Craft CMS has rapidly become the tool of choice for many developers and businesses, known for its flexibility and ease of creating custom digital experiences. Built on the powerful Yii 2 PHP framework and using Twig for templating, Craft CMS has won accolades for its user-friendliness and versatility. However, no software is impervious to vulnerabilities, and the recently disclosed CVE-2023-41892, a Remote Code Execution (RCE) flaw, has put many Craft installations at risk.

CVE-2023-41892

CVE-2023-41892 is a security flaw identified in Craft CMS that can grant malicious actors the ability to execute arbitrary code on the server where the CMS is hosted. Remote Code Execution vulnerabilities, as the name suggests, let attackers run their own code remotely, potentially taking over systems, stealing sensitive data, or causing other havoc.

What makes this particular vulnerability especially concerning is its CVSS severity score. The perfect 10 out of 10 signifies that the vulnerability is not only easy to exploit due to its low attack complexity, but can also be exploited from a remote location and doesn’t require any authentication on the target device. This trifecta of attributes makes it a prime target for attackers.

The good news is that the Craft developers have already addressed this vulnerability in version 4.4.15. If you’re running a version prior to this, it’s imperative to update immediately.
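To find out which sites still need that update, the locked Craft version can be read from each project's `composer.lock`. The script below is an added example, not code from Craft CMS or its developers; it treats every release lower than 4.4.15 as needing the update, as stated above, and assumes the standard Composer package name `craftcms/cms`. The sample lock file in it is constructed.

```python
import json
import re
import sys

PACKAGE = "craftcms/cms"   # Composer package name for Craft CMS
FIXED = (4, 4, 15, 0)      # fixed release named in the article, padded to four parts

VERSION_RE = re.compile(r"v?(\d+(?:\.\d+){0,3})(?:[-.]?(alpha|beta|rc)\.?\d*)?$", re.I)

def classify(raw):
    """Return 'update', 'ok' or 'unknown' for one Composer version string."""
    m = VERSION_RE.match(raw.strip())
    if not m:                      # e.g. 'dev-main': cannot be ordered, review by hand
        return "unknown"
    parts = [int(p) for p in m.group(1).split(".")]
    numbers = tuple(parts + [0] * (4 - len(parts)))
    prerelease = m.group(2) is not None
    # A pre-release of 4.4.15 itself sorts before the final 4.4.15.
    if numbers < FIXED or (numbers == FIXED and prerelease):
        return "update"
    return "ok"

def audit_lockfile(lock_text):
    """Return (version, status) for craftcms/cms, or (None, 'absent')."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            version = str(pkg.get("version", ""))
            return version, classify(version)
    return None, "absent"

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii2", "version": "2.0.48.1"},
        {"name": "craftcms/cms", "version": "4.4.14"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    # Pass composer.lock paths as arguments; with none, the constructed sample is used.
    paths = sys.argv[1:]
    texts = [(p, open(p, encoding="utf-8").read()) for p in paths] or [("sample", SAMPLE_LOCK)]
    for name, text in texts:
        print(name, *audit_lockfile(text))
```

A status of `unknown` means the project is locked to a branch rather than a tagged release, so the installed commit has to be checked by hand.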

For those worried about whether this vulnerability has been exploited in the wild, as of the time of this writing, developers have confirmed that they haven’t detected any attacks taking advantage of CVE-2023-41892. However, it’s worth noting that just because there haven’t been any detected doesn’t mean there haven’t been any attempted. With the information now public, the number of attempts is likely to increase.

If you think that your Craft CMS installation has been affected by the vulnerability, you should immediately:

  • Disconnect the affected system from the internet.
  • Scan the system for malicious code.
  • Restore the system from a known good backup.