google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: Request CVE-2023-41892 Craft CMS Unauthenticated Remote Code Execution #402

Open OccamsXor opened 4 months ago

OccamsXor commented 4 months ago

Hi there,

I would like to start implementing a plugin to detect CVE-2023-41892 Craft CMS Unauthenticated Remote Code Execution.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-41892
https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g

Description: Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Versions: Craft CMS < 4.4.15

I will send the PR if it is valid for the scope. Thank you.

tooryx commented 4 months ago

Hi @OccamsXor,

We are not completely sure whether we would like to continue with that product or CVE. To help us make a decision, would you be willing to contribute fingerprints for Craft CMS? If so, please open a new issue and I will be sure to accept it right away.

Thank you, ~tooryx

OccamsXor commented 4 months ago

Hi @tooryx,

Thanks for the response. Here is the fingerprint issue: #406