CVE-2023-40035
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-40035 is a vulnerability affecting Craft CMS, a platform used for creating custom digital experiences. This issue arises due to a bypass in the validatePath function, which can potentially enable remote code execution. Malicious actors could exploit this vulnerability to gain malicious control of affected systems and exfiltrate sensitive data. Although this vulnerability can only be exploited by authenticated users, the presence of the ALLOW_ADMIN_CHANGES=true configuration significantly increases the threat level. The vulnerability has been addressed in Craft CMS versions 4.4.15 and 3.8.15.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.