CVE-2023-43646

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 27, 2023

Updated: Oct 2, 2023

CWE ID 1333

CWE ID 400

Summary

CVE-2023-43655 is a remote code execution vulnerability affecting Composer, a popular PHP dependency manager. This issue arises when a user publishes a composer.phar file to a publicly accessible web server, allowing it to be executed as a PHP file, and if PHP's `register_argc_argv` is enabled in php.ini. Versions 2.6.4, 2.2.22, and 1.10.27 are patched against this vulnerability. Users unable to upgrade should disable `register_argc_argv` in php.ini and avoid publishing composer.phar files to the web, which is not considered a best practice.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/svd-Wo
https://www.cve.org/CVERecord?id=CVE-2023-43646
https://nvd.nist.gov/vuln/detail/CVE-2023-43646

Back to Vulnerability Database

CVE-2023-43646

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations