Vulnerability identifier: #VU80806

Vulnerability risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2023-41892

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 3

• February 1, 2024
  • Craft-CMS-Exploit (CVE-2023-41892 Reverse Shell) [Github]
• December 27, 2023
  • CraftCMS_CVE-2023-41892 (Exploit for CVE-2023-41892) [Github]
• December 22, 2023
  • Craft CMS unauthenticated Remote Code Execution (RCE) [Metasploit]

Impact: Information disclosure and data manipulation

Vulnerable software:
Craft CMS
Web applications / CMS

Vendor: Pixel & Tonic, Inc.