Saturday , March 29 2025
PHP

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code execution (RCE) with default settings.

The vulnerability CVE-2024-56145 was reported by security researchers and quickly patched by the Craft CMS team within 24 hours.

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare  Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927)  Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

PHP has improved over the years but still faces security challenges. While older vulnerabilities like register_globals and magic_quotes_gpc are resolved, some design quirks can cause critical issues.

The recent flaw in Craft CMS shows how ordinary PHP behaviors can lead to security vulnerabilities.

At the heart of this vulnerability is the register_argc_argv configuration setting in PHP. This setting controls if command-line arguments ($_SERVER[‘argc’] and $_SERVER[‘argv’]) are available when a script runs.

In PHP, the register_argc_argv option is enabled by default, which can cause issues when query strings are used in web-hosted scripts. The official Craft CMS Docker image has this setting enabled, making it potentially vulnerable.

How the Vulnerability Works:

The issue with Craft CMS is in its handling of command-line options during startup. Developers found that query strings can manipulate paths for important files, such as configuration files and templates.

Attackers could exploit this behavior to control file paths and execute arbitrary code.

Researchers showed that using an ftp:// link to host malicious templates on an FTP server allowed them to bypass security checks and inject harmful code into a vulnerable Craft CMS.

Adam Kues found that Craft CMS’s attempt to secure its template engine (Twig) wasn’t foolproof. Attackers could use tricks like the sort filter combined with call_user_func to bypass these security measures and execute remote code.

Impact and Mitigation:

Craft CMS is used by over 150,000 websites worldwide, including major enterprises. A vulnerability risked organizations using the platform’s default settings.

The Craft CMS team quickly released patched versions 5.5.2+ and 4.13.2+. Users should upgrade their installations right away. Full report here.

Check Also

Windows

11 state hackers exploit new Windows zero-day since 2017

11 nation-state groups from North Korea, China, and Russia are exploiting a vulnerability in a …

Leave a Reply

Your email address will not be published. Required fields are marked *