PT-2023-30910 · Unknown · Statamic Cms

Cyber-Wo0Dy

Publicado

2023-11-21

Atualizado

2023-11-30

CVE-2023-48701

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions Statamic CMS versions prior to 3.4.15 and 4.36.0

Description The issue allows HTML files crafted to look like images to be uploaded, bypassing mime validation. This is applicable on front-end forms using the "Forms" feature with an assets field, or within the control panel, which requires authentication.

Recommendations For versions prior to 3.4.15, update to version 3.4.15 or later. For versions prior to 4.36.0, update to version 4.36.0 or later. As a temporary workaround, consider restricting access to the "Forms" feature and the control panel to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-48701

GHSA-8JJH-J3C2-CJCV

Produtos afetados

Statamic Cms

PT-2023-30910 · Unknown · Statamic Cms

CVE-2023-48701

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10