CVE-2023-32679

HIGH

Craft CMS 4.0.0-4.4.5 - Authenticated Remote Code Execution via Unrestricted File Extension in Template Resolution

Title source: llm

Description

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

Core 1

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c

Scores

CVSS v3 7.2

EPSS 0.0185

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-74

Status published

Products (2)

craftcms/cms 4.0.0 - 4.4.6Packagist

craftcms/craft_cms 4.0.0 - 4.4.6

Published May 19, 2023

Tracked Since Feb 18, 2026