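# Craft CMS Remote Code Execution Vulnerability
## Overview
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector.
## Affected Versions
- Craft CMS versions before 4.4.15
## Details
Users should update Craft CMS to version 4.4.15 or later to mitigate the issue.
## Impact
The vulnerability has been fixed in Craft CMS 4.4.15. Users are advised to update immediately to avoid potential security threats.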
# | POC Description | Source Link | Shenlong Link |
---|---|---|---|
1 | CVE-2023-41892 - Craft CMS Remote Code Execution (RCE) | https://github.com/zaenhaxor/CVE-2023-41892 | POC details |
2 | Exploit for CVE-2023-41892 | https://github.com/Faelian/CraftCMS_CVE-2023-41892 | POC details |
3 | CVE-2023-41892 Reverse Shell | https://github.com/diegaccio/Craft-CMS-Exploit | POC details |
4 | A Craft CMS vulnerability that allows Remote Code Execution (RCE). | https://github.com/acesoyeo/CVE-2023-41892 | POC details |
5 | Exploit for CVE-2023-41892 | https://github.com/0xfalafel/CraftCMS_CVE-2023-41892 | POC details |
6 | None | https://github.com/CERTologists/HTTP-Request-for-PHP-object-injection-attack-on-CVE-2023-41892 | POC details |
7 | Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-41892.yaml | POC details |
8 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CraftCMS%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-41892.md | POC details |
9 | https://github.com/vulhub/vulhub/blob/master/craftcms/CVE-2023-41892/README.md | POC details |