64 changes: 64 additions & 0 deletions http/cves/2024/CVE-2024-56145.yaml
@@ -0,0 +1,64 @@
id: CVE-2024-56145

info:
name: Craft CMS - Remote Code Execution via Template Path Manipulation
author: jackhax
severity: critical
description: |
This template identifies a critical Remote Code Execution (RCE) vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9.
The vulnerability exists due to improper handling of the `--templatesPath` query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig templates.
impact: |
Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution.
remediation: |
Upgrade CraftCMS to either >5.5.2 or >4.13.2 or >3.9.14. Or If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.
reference:
- https://github.com/advisories/GHSA-2p6p-9rc9-62j9
- https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
- https://github.com/Chocapikk/CVE-2024-56145
- https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3
- https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
classification:
cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
cvss-score: 9.3
cve-id: CVE-2024-56145
cwe-id: CWE-94
epss-score: 0.00043
epss-percentile: 0.10941
cpe: cpe:2.3:a:craftcms:craft:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: craftcms
product: cms
shodan-query:
- http.html:"craftcms"
- http.favicon.hash:"-47932290"
fofa-query:
- icon_hash=-47932290
- body=craftcms
publicwww-query: craftcms
tags: cve,cve2024,rce,craftcms,ssti

variables:
nonce: "{{rand_int(1000000000,9999999999)}}"

http:
- raw:
- |
GET ?--configPath=/nuclei_test/{{nonce}} HTTP/1.1
Host: {{Hostname}}

matchers-condition: and
matchers:
- type: word
part: body
words:
- '{{nonce}}'
- 'mkdir()'
- 'Permission denied'
- 'No such file or directory'
condition: and

- type: status
status:
- 503
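Review bot: the `description` names `--templatesPath` as the mishandled parameter, but the raw request probes `?--configPath=/nuclei_test/{{nonce}}`; please make the description match the parameter the template actually exercises, or state there why the `--configPath` variant is used for detection. Two smaller points in the same hunk: the word matcher uses `condition: and` over all four strings, so a target whose `mkdir()` error contains only `Permission denied` or only `No such file or directory` (rather than both) is reported as not vulnerable; consider keeping `{{nonce}}` and `mkdir()` mandatory and accepting either error string. In `remediation`, `>5.5.2 or >4.13.2 or >3.9.14` reads as excluding those versions themselves; if those are the fixed releases, `>=` is what the reader needs, and `Or If` should read `Or, if`.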