CVE-2023-32679

moderate-risk
Published 2023-05-19

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

!
25.5% chance of exploitation in next 30 days
EPSS score — higher than 74% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Craftcms

References (2)

Exploit https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c
Exploit https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal