Potential RCE when PHP `register_argc_argv` config setting is enabled

High
angrybrad published GHSA-2p6p-9rc9-62j9 Dec 18, 2024

Package

craftcms/cms (Composer)

Affected versions

>= 5.0.0-RC1, < 5.5.2
>= 4.0.0-RC1, < 4.13.2
>= 3.0.0, < 3.9.14

Patched versions

5.5.2
4.13.2
3.9.14

Description

Impact

You are affected if your php.ini configuration has register_argc_argv enabled.

Patches

Update to 4.13.2 or 5.5.2.

Workarounds

If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue.
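
One way to check a deployment against the conditions above, as an added example that is not part of the advisory or of Craft CMS: it reads the locked `craftcms/cms` version from `composer.lock`, compares it with the affected ranges listed in this advisory, and reads `register_argc_argv` from php.ini text. The function names and sample inputs are constructed for illustration, and it assumes php.ini is the only place the directive is set.

```python
import json
import re

# Affected ranges from the advisory: (first affected, first patched).
AFFECTED = [("5.0.0-RC1", "5.5.2"), ("4.0.0-RC1", "4.13.2"), ("3.0.0", "3.9.14")]

def vkey(version):
    """Sort key for 'X.Y.Z[-tag]'; a pre-release tag sorts before the final release."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:-(.+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    pre = m.group(2)
    return (tuple(nums), (0, pre.lower()) if pre else (1, ""))

def in_affected_range(version):
    k = vkey(version)
    return any(vkey(lo) <= k < vkey(hi) for lo, hi in AFFECTED)

def craft_version(lock_text):
    """Locked craftcms/cms version from composer.lock text, or None if absent."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg["version"]
    return None

def argc_argv_enabled(ini_text):
    """Effective register_argc_argv in php.ini text (last assignment wins)."""
    value = "1"  # PHP's built-in default when the directive is not set
    for line in ini_text.splitlines():
        m = re.match(r'\s*register_argc_argv\s*=\s*"?([^\s;"]*)', line)
        if m:
            value = m.group(1)
    return value.lower() in ("1", "on", "true", "yes")

def exposed(lock_text, ini_text):
    v = craft_version(lock_text)
    return v is not None and in_affected_range(v) and argc_argv_enabled(ini_text)

# Constructed sample inputs; in practice read composer.lock and the php.ini
# loaded by the web SAPI (the CLI SAPI always reports this directive as On).
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "4.12.0"}]}'
SAMPLE_INI = "; constructed php.ini\n;register_argc_argv = Off\nregister_argc_argv = On\n"

if __name__ == "__main__":
    print("exposed:", exposed(SAMPLE_LOCK, SAMPLE_INI))
```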

Severity

High

CVE ID

CVE-2024-56145

Weaknesses

No CWEs

Credits