CVE-2024-56145CISA KEVEPSS p99.9%

CVE-2024-56145Craft CMS Code Injection Vulnerability

Craft CMS / Craft CMS

Description

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

Scoring

EPSS97.45% probability of exploitation · percentile 99.9% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2025-06-02

(incoming)1

TypeTargetConfidenceTier
KEVEntryCraft CMS Code Injection Vulnerabilitykev-cve-2024-561450%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
CVE
CVE-2025-68454
CVE
CVE-2026-28697
CVE
CVE-2025-6384
CVE
CVE-2026-31857
CVE
CVE-2025-14700
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.