xxxxxxxxxx
# ============================================================================
# Title: Forge CraftCMS RCE Patch
# Author: Mat (contact@mat.codes)
# Date: 2024-01-09
# Description: Updates PHP configuration settings to patch RCE
# vulnerability (CVE-2024-56145) in CraftCMS by setting the `register_argc_argv` option to "Off".
# ============================================================================
# Loop through each of the php.ini files for every version installed
for PHP_INI_FILE in /etc/php/*/fpm/php.ini; do
echo "Processing file: $PHP_INI_FILE"
# Remove any existing register_argc_argv settings
sed -i '/^register_argc_argv/d' $PHP_INI_FILE
# Add register_argc_argv = Off to end of file
echo "register_argc_argv = Off" >> $PHP_INI_FILE
# Restart the corresponding PHP-FPM service
PHP_VERSION=$(echo $PHP_INI_FILE | awk -F'/' '{print $4}')
echo "Restarting PHP-FPM service for version $PHP_VERSION"
service php$PHP_VERSION-fpm restart
done
echo "Restarting Nginx service"
service nginx restart
Design © 2025. ForgeRecipes loves you.
Site maintained by Vince Mitchell.
Inspired by original by David Hemphill, Tanner Hearne, & Matt Stauffer.