fredmansky / craft-rce-fix
Fixes handle rce vulnerability.
Installs: 318
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Type: craft-plugin
Requires
- php: >=8
- craftcms/cms: ^3.0|^4.0|^5.0
Requires (Dev)
- craftcms/ecs: dev-main
- craftcms/phpstan: dev-main
README
This plugin mitigates the critical remote code execution (RCE) vulnerability found in Craft CMS by automatically blocking any request that includes __class in the request body. It is designed for Craft CMS >= 3.9.4 and >= 4.4.15, and prevents malicious controllers from executing arbitrary code. It offers an essential security layer until you can upgrade to the official fixed versions (3.9.15, 4.14.15, and 5.6.17).
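One way a body filter of the kind described above can be written, as an added example that is not the plugin's own code. The function names, the matching rule (token anywhere in the raw or decoded body) and the sample bodies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not the plugin's source. All names are hypothetical.
const BLOCKED_TOKEN = '__class';

// True if any array key or string value, at any depth, contains the token.
function containsBlockedToken(mixed $data): bool
{
    if (is_string($data)) {
        return str_contains($data, BLOCKED_TOKEN);
    }
    if (!is_array($data)) {
        return false;
    }
    foreach ($data as $key => $value) {
        if (str_contains((string) $key, BLOCKED_TOKEN) || containsBlockedToken($value)) {
            return true;
        }
    }
    return false;
}

// Inspect the raw body first, then its decoded form, so that the filter sees
// the same parameter names the application would after JSON or form decoding.
function shouldBlock(string $rawBody, string $contentType): bool
{
    if (str_contains($rawBody, BLOCKED_TOKEN)) {
        return true;
    }
    if (stripos($contentType, 'json') !== false) {
        // Invalid JSON decodes to null, which is treated as "no token found".
        return containsBlockedToken(json_decode($rawBody, true));
    }
    parse_str($rawBody, $params);
    return containsBlockedToken($params);
}

// Constructed sample bodies (values are placeholders, not real payloads).
$samples = [
    ['application/x-www-form-urlencoded', 'title=Hello&body=plain+text'],
    ['application/x-www-form-urlencoded', 'settings%5B__class%5D=placeholder'],
    ['application/json', '{"settings":{"__class":"placeholder"}}'],
    ['application/json', '{"title":"Hello"}'],
];
foreach ($samples as [$type, $body]) {
    printf("%-5s %s\n", shouldBlock($body, $type) ? 'BLOCK' : 'allow', $body);
}
```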
Requirements
This plugin requires Craft CMS 3, 4 or 5 and PHP 8.0.
Installation with DDEV
ddev composer require fredmansky/craft-rce-fix && ddev craft plugin/install rce-fix
Installation with PHP
composer require fredmansky/craft-rce-fix && php craft plugin/install rce-fix