PT-2023-30735 · Statamic · Statamic
Ahinkle
·
Publicado
2023-11-14
·
Atualizado
2023-11-22
·
CVE-2023-48217
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Statamic versions prior to 3.4.14
Statamic versions prior to 4.34.0
Description
The issue allows malicious users to upload and execute code by uploading PHP files crafted to look like images, bypassing mime type validation rules. This affects front-end forms using the "Forms" feature and asset upload fields in the control panel.
Recommendations
For versions prior to 3.4.14, upgrade to version 3.4.14 or later.
For versions prior to 4.34.0, upgrade to version 4.34.0 or later.
Exploit
Correção
Unrestricted File Upload
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Statamic