PT-2023-30332 · Statamic · Statamic

Cyber-Wo0Dy

Publicado

2023-11-10

Atualizado

2023-11-17

CVE-2023-47129

CVSS v3.1

8.3

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Statmic versions prior to 3.4.13 Statmic versions prior to 4.33.0

Description The issue allows PHP files crafted to look like images to be uploaded on front-end forms with an asset upload field, bypassing mime validation rules. This affects forms using the "Forms" feature, but not arbitrary forms, and does not impact the control panel.

Recommendations For versions prior to 3.4.13, update to version 3.4.13 or later. For versions prior to 4.33.0, update to version 4.33.0 or later.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-47129

GHSA-72HG-5WR5-RMFC

Produtos afetados

Statamic

PT-2023-30332 · Statamic · Statamic

CVE-2023-47129

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12