CVE-2024-56145

UNKNOWN 0.0

⚠️ CISA KEV

RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.

CWE	CWE-94
Vendor	craftcms
Product	cms
Published	Dec 18, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for craftcms cms

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-56145.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

craftcms / cms

>= 4.0.0-RC1, < 4.13.2 >= 5.0.0-RC1, < 5.5.2 >= 3.0.0, < 3.9.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 github.com: https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3 github.com: https://github.com/Chocapikk/CVE-2024-56145 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145