Lucene search

GitHub Advisory DatabaseGHSA-72HG-5WR5-RMFC

HistoryNov 12, 2023 - 3:57 p.m.

Statamic CMS remote code execution via front-end form uploads

2023-11-1215:57:58

CWE-434

GitHub Advisory Database

github.com

statamic cms

remote code execution

front-end

form uploads

asset upload

php files

mime validation

forms feature

control panel

vulnerability

patch

3.4.13

4.33.0

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

30.4%

JSON

Impact

On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the “Forms” feature and not just any arbitrary form. This does not affect the control panel.

Patches

It has been patched in 3.4.13 and 4.33.0.

Affected configurations

Vulners

Node

statamiccmsRange<3.4.13

statamiccmsRange4.0.0–4.33.0

VendorProductVersionCPE
statamiccms*cpe:2.3:a:statamic:cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
statamic	cms	*	cpe:2.3:a:statamic:cms::::::::

References

github.com/advisories/GHSA-72hg-5wr5-rmfc

github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75

github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77

github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc

nvd.nist.gov/vuln/detail/CVE-2023-47129

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

30.4%

JSON

Related for GHSA-72HG-5WR5-RMFC