Fixed an RCE vulnerability

craftcms · Nov 19, 2024 · 6e5bbf5 · 6e5bbf5
1 parent 6b0c951
commit 6e5bbf5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Fixed a JavaScript error that could occur on element edit pages. ([#16055](https://github.com/craftcms/cms/issues/16055))
 - Fixed a Twig deprecation error. ([#16107](https://github.com/craftcms/cms/issues/16107))
 - Fixed a bug where `craft\services\Structures::fillGapsInElements()` wasn’t working properly if the elements weren’t passed in hierarchical order. ([#16085](https://github.com/craftcms/cms/issues/16085))
+- Fixed an RCE vulnerability.
 
 ## 4.13.0 - 2024-11-12
 

diff --git a/src/helpers/App.php b/src/helpers/App.php
@@ -11,6 +11,7 @@
 use craft\behaviors\SessionBehavior;
 use craft\cache\FileCache;
 use craft\config\DbConfig;
+use craft\console\Application as ConsoleApplication;
 use craft\db\Command;
 use craft\db\Connection;
 use craft\db\mysql\Schema as MysqlSchema;
@@ -272,7 +273,7 @@ public static function cliOption(string $name, bool $unset = false): string|floa
             throw new InvalidArgumentException("Invalid CLI option name: $name");
         }
 
-        if (empty($_SERVER['argv'])) {
+        if (!Craft::$app instanceof ConsoleApplication || empty($_SERVER['argv'])) {
             return null;
         }