CraftCMS RCE Vulnerability Patch

By Mat // 2 months ago

Clone

A remote code execution vulnerability was discovered late 2024 that potentially makes Craft sites vulnerable to remote code execution attacks (CVE-2024-56145).

This solution is suggested by the author of this article on the issue:
https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms

Intended as a quick solution to patch a large number of sites at once until they can each be updated to a patched version of Craft CMS.

#!/usr/bin/env bash

# ============================================================================
# Title: Forge CraftCMS RCE Patch
# Author: Mat (contact@mat.codes)
# Date: 2024-01-09
# Description: Updates PHP configuration settings to patch RCE 
#              vulnerability (CVE-2024-56145) in CraftCMS by setting the `register_argc_argv` option to "Off".
# ============================================================================

# Loop through each of the php.ini files for every version installed
for PHP_INI_FILE in /etc/php/*/fpm/php.ini; do
  echo "Processing file: $PHP_INI_FILE"

# Remove any existing register_argc_argv settings
  sed -i '/^register_argc_argv/d' $PHP_INI_FILE
  
  # Add register_argc_argv = Off to end of file
  echo "register_argc_argv = Off" >> $PHP_INI_FILE

# Restart the corresponding PHP-FPM service
  PHP_VERSION=$(echo $PHP_INI_FILE | awk -F'/' '{print $4}')
  echo "Restarting PHP-FPM service for version $PHP_VERSION"
  service php$PHP_VERSION-fpm restart
done

echo "Restarting Nginx service"
service nginx restart

Site maintained by Vince Mitchell.

Inspired by original by David Hemphill, Tanner Hearne, & Matt Stauffer.