Platform: php
Component: craftcms/cms
Fixed versions: 4.0.1, 5.0.1, 4.12.2
CVE-2024-52293 is a Remote Code Execution (RCE) vulnerability in Craft CMS, stemming from a missing call to normalizePath within the FileHelper::absolutePath method. The flaw allows Server-Side Template Injection (SSTI) via Twig templates, potentially enabling an attacker to execute arbitrary code on the server. The vulnerability affects Craft CMS versions up to and including 4.9.7; a fix is available in version 4.12.2.
Successful exploitation of CVE-2024-52293 could allow an authenticated administrator to execute arbitrary code on the server hosting the Craft CMS instance. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attack leverages Twig SSTI, a well-understood attack vector, which lowers the effort required to exploit it. Because exploitation requires authentication (ALLOWADMINCHANGES=true), an attacker would first need access to an administrator account, but once that is achieved the impact is severe. This vulnerability is a sequel to CVE-2023-40035, indicating a recurring pattern of template injection issues within Craft CMS.
CVE-2024-52293 was publicly disclosed on 2024-11-13. The vulnerability is considered to have a medium exploitation probability based on the requirement for administrator privileges and the need to craft a specific SSTI payload. Public proof-of-concept exploits are likely to emerge given the nature of the vulnerability and its connection to CVE-2023-40035. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations running Craft CMS installations that have not been updated to version 4.12.2 are at risk. Deployments with ALLOWADMINCHANGES enabled are particularly exposed, as this setting is what makes exploitation possible. Shared hosting environments running Craft CMS are also at increased risk due to the potential for cross-site contamination.
• php: Examine Craft CMS application logs for unusual Twig template rendering errors or attempts to access sensitive files.
grep -r 'Twig' /path/to/craftcms/app/logs/*
• php: Check for modifications to Twig template files within the Craft CMS installation directory.
find /path/to/craftcms/app/templates -type f -mtime -1
• generic web: Monitor web server access logs for requests containing suspicious Twig template syntax or attempts to access restricted resources.
curl -I 'http://your-craftcms-site.com/?template=evil'
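A scanner for the access-log check above, added here as an example and not part of the original advisory: it URL-decodes each request target (twice, so double-encoded payloads are not missed) and flags Twig delimiters, which have no business appearing in a request URL. The log lines are constructed, and the delimiter heuristic is this example's own choice.

```python
import re
from urllib.parse import unquote

# Twig delimiters that should not appear in a URL aimed at a Craft CMS site.
TWIG_MARKERS = ("{{", "}}", "{%", "%}", "{#")

# NCSA common/combined log format: client, ident, user, time, request, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_target(target: str, rounds: int = 2) -> str:
    """URL-decode repeatedly so a double-encoded '{{' (%257B%257B) is caught too."""
    out = target
    for _ in range(rounds):
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return out


def find_twig_markers(target: str) -> list[str]:
    """Return the Twig delimiters present in the decoded request target."""
    decoded = decode_target(target)
    return [m for m in TWIG_MARKERS if m in decoded]


def scan_access_log(lines):
    """Yield (client, user, method, decoded target, markers) for each suspicious request.
    The authenticated user is kept because this CVE requires an admin session."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        markers = find_twig_markers(m["target"])
        if markers:
            hits.append((m["client"], m["user"], m["method"], decode_target(m["target"]), markers))
    return hits


# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.10 - - [13/Nov/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.10 - admin [13/Nov/2024:10:00:09 +0000] "GET /admin/settings?path=%7B%7B%20test%20%7D%7D HTTP/1.1" 200 812',
    '198.51.100.7 - - [13/Nov/2024:10:00:12 +0000] "POST /admin/dashboard HTTP/1.1" 200 77',
    '198.51.100.7 - - [13/Nov/2024:10:00:15 +0000] "GET /?template=%257B%2525%2520test%2520%2525%257D HTTP/1.1" 404 230',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Hits from an authenticated user against admin paths deserve the most attention, since the vulnerability is only reachable with administrator privileges.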
EPSS: 17.44% (95th percentile)
The primary mitigation for CVE-2024-52293 is to upgrade Craft CMS to version 4.12.2 or later. If an immediate upgrade is not possible, consider implementing temporary workarounds. While a direct WAF rule targeting Twig SSTI is complex, ensure your WAF is configured to monitor for suspicious template rendering activity. Review and restrict user input used in Twig templates to minimize the attack surface. After upgrading, confirm the fix by attempting to trigger the SSTI vulnerability via a crafted Twig template; the attempt should fail with an appropriate error message.
Update Craft CMS to version 4.12.2 or later, or to version 5.4.3 or later. This fixes the remote code execution vulnerability. Take a backup before updating.
CVE-2024-52293 is a Remote Code Execution vulnerability in Craft CMS stemming from missing path normalization, allowing Server-Side Template Injection (SSTI) via Twig templates.
You are affected if you are running Craft CMS versions 4.9.7 or earlier. Upgrade to 4.12.2 or later to mitigate the risk.
Upgrade Craft CMS to version 4.12.2 or later. Consider temporary workarounds like restricting user input in Twig templates if an immediate upgrade is not possible.
While active exploitation is not yet confirmed, the vulnerability's nature and connection to CVE-2023-40035 suggest a high likelihood of exploitation.
Refer to the Craft CMS security advisory on GitHub: https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw