October 2, 2023

Researchers has recently disclosed a vulnerability CVE-2023-41892, a Remote Code Execution flaw in Craft CMS application.

CVE-2023-41892 is a bug identified in Craft CMS that can grant malicious actors the ability to execute arbitrary code on the server where the CMS is hosted. This vulnerability has a CVSS score of 10, it signifies that the vulnerability is not only easy to exploit due to its reduced attack code complexity, but it can also be harnessed from a remote location and doesn’t require any authentication on the target device which makes it a prime target for attackers.

Advertisements

The developers have already addressed this vulnerability in version 4.4.15 and as far as known the developers have confirmed that they haven’t detected any attacks taking advantage of CVE-2023-41892. With the information now public, the number of attempts is likely to increase.

If you think that your Craft CMS installation has been affected by the vulnerability, follow the below steps

  • Disconnect the affected system from the internet.
  • Scan the system for malicious code.
  • Restore the system from a known good backup.
Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: