Lucene search

[email protected]NVD:CVE-2023-47129

HistoryNov 10, 2023 - 7:15 p.m.

CVE-2023-47129

2023-11-1019:15:16

CWE-434

[email protected]

web.nvd.nist.gov

statmic laravel cms

php file upload

front-end forms

image disguise

security vulnerability

patch

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.4%

JSON

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Affected configurations

Nvd

Node

statamicstatamicRange<3.4.13

statamicstatamicRange4.0.0–4.33.0

VendorProductVersionCPE
statamicstatamic*cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
statamic	statamic	*	cpe:2.3:a:statamic:statamic::::::::

References

github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75

github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77

github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.4%

JSON

Related for NVD:CVE-2023-47129

cvelist1 osv2 vulnrichment1 cve1 github1 prion1 veracode1