CVE-2024-56145 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-12-18

Added to CISA KEV: 2025-06-02 166 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update Craft CMS to version 3.9.14, 4.13.2, or 5.5.2 depending on your branch
If immediate patching is not possible, disable PHP register_argc_argv configuration as a temporary mitigation
Review web server access logs for suspicious POST requests or unusual command execution patterns
Implement web application firewall rules to block known exploit patterns
Verify no unauthorized files or web shells have been uploaded to the server
Patch priority: CRITICAL - patch within 24-48 hours due to active exploitation

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-56145 is a critical Remote Code Execution (RCE) vulnerability affecting Craft CMS ^[3]. It has been officially recognized as a known exploited vulnerability by CISA ^[1].

Exploitation and Threat Landscape

Active Exploitation: The vulnerability is actively exploited in the wild, leading to its inclusion in the CISA Known Exploited Vulnerabilities (KEV) Catalog ^[1].
Proof-of-Concept: Publicly available exploit tools exist, including repositories on GitHub designed to leverage the vulnerability ^[2].
Ransomware/Targeted Attacks: While specific attribution to major ransomware groups is not always publicly detailed in initial advisories, its presence in the CISA KEV catalog indicates it is being used in significant, real-world attacks that warrant urgent remediation ^[1].

Attack Method and Requirements

Method: The vulnerability arises from improper handling of user-supplied template paths, which allows an attacker to achieve RCE via specially crafted payloads ^[2].
Requirements:

* Network Access: It can be exploited remotely over the network?_=1734642908?kagi_q=CVE-2024-56145+details+exploitation+ransomware+impact+patch+status. * Authentication/Interaction: Exploitation does not require authentication or user interaction?_=1734642908?kagi_q=CVE-2024-56145+details+exploitation+ransomware+impact+patch+status. * Configuration Dependency: The vulnerability is specifically triggered if the PHP `register_argc_argv` configuration setting is enabled in `php.ini`?id=CVE-2024-56145?kagi_q=CVE-2024-56145+details+exploitation+ransomware+impact+patch+status.

Impact

Successful exploitation grants an attacker the ability to execute arbitrary code on the affected server. This results in a high impact on the confidentiality, integrity, and availability of the system?_=1734642908?kagi_q=CVE-2024-56145+details+exploitation+ransomware+impact+patch+status.

Affected Versions and Mitigation

Patch Status: Users should update to the following patched versions of Craft CMS to remediate the vulnerability:

* 3.9.14 * 4.13.2 * 5.5.2 ^[4]

Sources

NVD - CVE-2024-56145
An official website of the United States government Here's how you know ... Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this ... Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-…
Chocapikk/CVE-2024-56145 - Craft CMS Exploitation Tool - GitHub
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled - Chocapikk/CVE-2024-56145. ... CVE-2024-56145: Craft CMS Exploitation Tool 🚨 This tool is designed to exploit a vulnerability in Craft CMS identified by the amazing research team at Assetnote. The issue arises d…
CVE-2024-56145: Craft CMS Remote Code Execution Vulnerability
CVE-2024-56145 is a remote code execution vulnerability in Craft CMS. Learn about its impact, affected versions, and mitigation methods. ... CVE-2024-56145 is a remote code execution vulnerability in Craft CMS. Learn about its impact, affected versions, and mitigation methods.
Endor Patches | CVE-2024-56145, Craft CMS has potential RCE ...
Impact. You are affected if your php.ini configuration has registerargcargv enabled. Patches. Update to 3.9.14, 4.13.2, or 5.5.2. Workarounds.

🔴 CVE-2024-56145