October 2, 2023

Researchers have recently disclosed CVE-2023-41892, a remote code execution flaw in the Craft CMS application.

CVE-2023-41892 is a bug in Craft CMS that can let malicious actors execute arbitrary code on the server where the CMS is hosted. The vulnerability has a CVSS score of 10, which signifies that it is easy to exploit because of its low attack complexity, that it can be exploited from a remote location, and that it doesn't require any authentication on the target device, all of which makes it a prime target for attackers.


The developers have already addressed this vulnerability in version 4.4.15. As far as is known, they have confirmed that they haven't detected any attacks taking advantage of CVE-2023-41892. With the information now public, the number of attempts is likely to increase.
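
To see whether a site is still on a release older than the fixed 4.4.15, you can read the locked `craftcms/cms` version from the project's `composer.lock`. The Python script below is an added example, not code from Craft CMS or from the researchers; its function names and sample lock file are constructed. Because this article gives no lower bound for affected versions, it only reports whether the locked version is below 4.4.15.

```python
import json
import re

FIXED = (4, 4, 15)  # fixed release named in the article

def locked_craft_version(lock_text):
    """Return the craftcms/cms version string from composer.lock text, or None."""
    lock = json.loads(lock_text)
    # Craft is a runtime dependency, but check dev packages too for odd setups.
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None

def parse_version(version):
    """Parse '4.4.14', 'v4.4.14' or '4.0.0-RC1' into ((4, 4, 14), is_prerelease)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(-.+)?$", version or "")
    if not m:
        return None  # e.g. 'dev-main': cannot be compared numerically
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def assess(lock_text):
    """Classify a composer.lock against the fixed release."""
    version = locked_craft_version(lock_text)
    if version is None:
        return "craft-not-locked"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"  # check this installation by hand
    numbers, prerelease = parsed
    # A pre-release of 4.4.15 sorts before the final 4.4.15.
    if numbers < FIXED or (numbers == FIXED and prerelease):
        return "below-fixed"
    return "at-or-above-fixed"

# Constructed sample lock file (not taken from a real site).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "yiisoft/yii2", "version": "2.0.48.1"},
    {"name": "craftcms/cms", "version": "4.4.14"},
]})

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK))
```

To check a real site, pass the contents of the `composer.lock` in the project root to `assess`.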

If you think that your Craft CMS installation has been affected by the vulnerability, follow the steps below:

  • Disconnect the affected system from the internet.
  • Scan the system for malicious code.
  • Restore the system from a known good backup.

