CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
EPSS
Percentile: 23.1%
statamic/cms is vulnerable to Remote Code Execution (RCE). The vulnerability affects both front-end forms that use the Forms feature and asset upload fields in the control panel. Malicious actors can exploit it to introduce and execute arbitrary code by uploading image files.
github.com/advisories/GHSA-2r53-9295-3m86
github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411
github.com/statamic/cms/commit/da28afde818d605179fbb63b96eabafabad876b6
github.com/statamic/cms/pull/8991
github.com/statamic/cms/pull/8992
github.com/statamic/cms/releases/tag/v3.4.14
github.com/statamic/cms/releases/tag/v4.34.0
github.com/statamic/cms/security/advisories/GHSA-2r53-9295-3m86