CVE-2024-56145 — AI Deep Analysis Summary

🚨 **Essence**: Craft CMS suffers from **Remote Code Execution (RCE)** via improper handling of the `--templatesPath` query parameter.…

🔍 **Root Cause**: The flaw stems from **CWE-94 (Code Injection)**. Specifically, it exploits the PHP configuration `register_argc_argv` being enabled.…

📦 **Affected Versions**: - Craft CMS **5.0.0-RC1** up to **5.5.2** (before 5.5.2). - Craft CMS **4.0.0-RC** up to **4.13.2** (before 4.13.2). 🏢 **Vendor**: CraftCMS.

💻 **Attacker Capabilities**: - **Privileges**: Full **Remote Code Execution (RCE)** as the web server user. - **Data**: Access to all database contents, user credentials, and server files.…

⚖️ **Exploitation Threshold**: - **Auth**: **Unauthenticated**. No login required. 🔓 - **Config**: Requires `register_argc_argv` to be **enabled** in `php.ini`. This is often default in some environments but not all. 🛠️

🔥 **Public Exploits**: **YES**. Multiple PoCs are available on GitHub (e.g., by Chocapikk, Sachinart). Automated scanning templates exist in Nuclei. Wild exploitation is highly likely due to ease of use. 🚀

🔎 **Self-Check**: - Use **Nuclei** with the CVE-2024-56145 template. - Check if `register_argc_argv` is On in PHP config. - Scan for Craft CMS versions listed above.…

🛡️ **Official Fix**: **YES**. A patch was released. See GitHub Advisory GHSA-2p6p-9rc9-62j9 and commit `82e893fb794d30563da296bca31379c0df0079b3`. Update to the latest stable version immediately. ✅

🚧 **Workaround (If No Patch)**: 1. Disable `register_argc_argv` in `php.ini` (set to Off). 2. Restrict access to the `--templatesPath` parameter if possible. 3.…

🚨 **Urgency**: **CRITICAL**. - Unauthenticated RCE. - Public PoCs available. - Affects major CMS versions. - Immediate patching or mitigation is required. Do not delay! ⏳