← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-56145 — Actively Exploited: Craft CMS (Craft CMS)

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

CVE IDCVE-2024-56145
VendorCraft CMS
ProductCraft CMS
Vulnerability nameCraft CMS Code Injection Vulnerability
Date added2025-06-02
Remediation due2025-06-23
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionCraft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →