Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| craftcms/cms(Packagist) | 5.0.0-RC1 | 5.5.2 | N/A |
| craftcms/cms(Packagist) | 4.0.0-RC1 | 4.13.2 | N/A |
| craftcms/cms(Packagist) | 3.0.0 | 3.9.14 | N/A |
CVSS Metrics
