CVERadar
Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For FreeCVE-2024-56145
Critical Severity|Craftcms
94
SVRS
9.8
CVSSv3
0.97446
EPSS
TAGS
In The WildCISA KEVExploit Available
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:NS:UC:HI:HA:H
PUBLICATION DATE2024-12-18
LAST MODIFIED2025-10-21
Deep CVE Analysis in Progress
The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-56145, affects Craft CMS, a flexible, user-friendly Content Management System. It is an unspecified remote code execution (RCE) vector present when the php.ini configuration has `register_argc_argv` enabled. This vulnerability is critical because Remote Code Execution allows an attacker to execute arbitrary code on the affected system, which can lead to full system compromise, data theft, and denial of service. The high CVSS score of 9.8 further emphasizes its severe impact, and the presence of active exploits in the wild significantly increases the urgency for remediation.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for CVE-2024-56145 is 9.8, which corresponds to a Critical severity level. The vulnerability was published on 2024-12-18 20:37:34 and was last modified on 2025-10-21 22:55:33.
3. Which products, vendors, systems, and versions are affected?
This vulnerability affects Craft CMS. Specifically, users are vulnerable if their php.ini configuration has `register_argc_argv` enabled. Affected versions are those prior to:
- Craft CMS version 3.9.14
- Craft CMS version 4.13.2
- Craft CMS version 5.5.2
4. What is the technical root cause and attack vector?
The technical root cause is categorized under CWE-94: Improper Control of Generation of Code ('Code Injection'). The vulnerability stems from an unspecified remote code execution vector that becomes exploitable when the `register_argc_argv` setting in the php.ini configuration is enabled. This setting makes `$_SERVER['argv']` and `$_SERVER['argc']` available for all scripts, which, when mishandled by the application, can lead to code injection opportunities. The attack vector is remote, meaning an attacker can exploit this vulnerability without local access to the system.
5. How can this vulnerability be exploited?
This vulnerability can be exploited through an unspecified remote code execution vector. The prerequisite for exploitation is that the `register_argc_argv` setting must be enabled in the php.ini configuration of the affected Craft CMS instance. Once exploited, an attacker can execute arbitrary code on the server. Active exploits for this vulnerability have been published.
6. What mitigation steps and patches are available?
To mitigate this vulnerability, users are advised to take the following steps:
- Patching: Update Craft CMS to a patched version. The recommended versions are:
- 3.9.14
- 4.13.2
- 5.5.2
- Workaround/Mitigation: If immediate upgrade is not feasible, disable the `register_argc_argv` setting in the php.ini configuration.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking two primary factors:
- Craft CMS Version: Verify the installed version of Craft CMS. Any version prior to 3.9.14, 4.13.2, or 5.5.2 is potentially vulnerable.
- php.ini Configuration: Inspect the `php.ini` file on the server to determine if the `register_argc_argv` directive is enabled. If it is set to "On" or "1", and the Craft CMS version is vulnerable, the system is at risk.
8. What are the indicators of compromise (IOCs)?
Specific indicators of compromise (IOCs) are not detailed in the provided CVE data. However, typical IOCs for remote code execution vulnerabilities might include unexpected file creations or modifications, unusual outbound network connections from the web server, suspicious processes running, or web server logs showing unusual requests or error patterns.
9. Which threat actors are known to exploit this vulnerability?
While the CVE data states that "Active exploits have been published to exploit the vulnerability," it does not specify any particular threat actors known to be actively exploiting CVE-2024-56145.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this issue is CVE-2024-56145 itself. This CVE entry provides details on the vulnerability, affected versions, and recommended mitigations.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-56145 is Critical, with a CVSS score of 9.8. This vulnerability allows for remote code execution, which can lead to complete compromise of the Craft CMS instance and potentially the underlying server. The urgency level is High and immediate action is required. This is further heightened by the existence of active exploits, meaning attackers are already leveraging this flaw. Organizations using affected versions of Craft CMS with `register_argc_argv` enabled must prioritize updating their systems or applying the recommended mitigation.
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNTCVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
CVE Radar
Real-time CVE Intelligence & Vulnerability Management Platform
CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.