Craft · Craft · CVE-2024-52293
**Name of the Vulnerable Software and Affected Versions**
Craft versions prior to 4.12.2 and 5.4.3
**Description**
The issue stems from a missing `normalizePath` call in the `FileHelper::absolutePath` function, which can lead to remote code execution on the server via Twig server-side template injection (SSTI). The vulnerability can be exploited by authenticated users when `ALLOW_ADMIN_CHANGES=true`. It allows the creation of a Local filesystem pointing into system directories, the upload of a malicious `poc.ttml` file, and the execution of arbitrary code through a new route whose template path is `poc/poc.ttml`.
The technical details of the exploit involve specific API endpoints and variables, including the `FileHelper::absolutePath` function and the `isSystemDir` function in `Security.php`. The `find` filter in Twig was also used in the proof of concept.
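The root cause described above is a protected-directory check that compares a path before it has been normalized. The following PHP snippet is an added illustration, not Craft's code: `normalizePathLexically`, `isSystemDirNaive` and `isSystemDirHardened` are hypothetical helpers that stand in for the missing `normalizePath` step and the `isSystemDir` check, and the directory names are constructed sample values. It shows why a prefix check on the raw string passes a path that only resolves into a protected root once `..` segments are collapsed, and how normalizing first closes that gap.

```php
<?php
// Added illustration (not Craft's code): a "system directory" check must
// normalize the candidate path before comparing it against protected roots.

declare(strict_types=1);

/**
 * Hypothetical helper standing in for the normalization the advisory says
 * was missing. Collapses ".", ".." and duplicate separators lexically, so it
 * also works for paths that do not exist on disk yet.
 */
function normalizePathLexically(string $path): string
{
    $path = str_replace('\\', '/', $path);
    $absolute = str_starts_with($path, '/');
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts); // step up one level, never above the root
            continue;
        }
        $parts[] = $segment;
    }
    return ($absolute ? '/' : '') . implode('/', $parts);
}

/** Naive check: compares the raw string, so ".." segments are not seen. */
function isSystemDirNaive(string $path, array $systemDirs): bool
{
    foreach ($systemDirs as $dir) {
        $root = rtrim($dir, '/');
        if ($path === $root || str_starts_with($path, $root . '/')) {
            return true;
        }
    }
    return false;
}

/** Hardened check: normalize both sides, then compare whole path segments. */
function isSystemDirHardened(string $path, array $systemDirs): bool
{
    $normalized = normalizePathLexically($path);
    foreach ($systemDirs as $dir) {
        $root = normalizePathLexically($dir);
        if ($normalized === $root || str_starts_with($normalized, $root . '/')) {
            return true;
        }
    }
    return false;
}

// Constructed sample values: protected roots and a filesystem base path
// that only resolves into a protected root after ".." is collapsed.
$systemDirs = ['/var/www/craft/config', '/var/www/craft/templates'];
$candidate  = '/var/www/craft/web/uploads/../../templates/demo';

printf("normalized: %s\n", normalizePathLexically($candidate));
printf("naive:      %s\n", isSystemDirNaive($candidate, $systemDirs) ? 'blocked' : 'allowed');
printf("hardened:   %s\n", isSystemDirHardened($candidate, $systemDirs) ? 'blocked' : 'allowed');
```

The comparison appends a trailing `/` to the root before the prefix test so that a sibling directory such as `/var/www/craft/templates2` is not mistaken for a child of `/var/www/craft/templates`; both the candidate and the configured roots go through the same normalization so that the check cannot be sidestepped by stylistic differences in how the paths are written.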
**Recommendations**
For Craft versions prior to 4.12.2, update to version 4.12.2 or later.
For Craft versions prior to 5.4.3, update to version 5.4.3 or later.
If updating is not immediately possible, consider disabling the `FileHelper::absolutePath` function as a temporary workaround until the patch can be applied.
Restrict access to the `Security.php` and `Local.php` files to minimize the risk of exploitation.
Avoid using the `find` filter in Twig until the issue is resolved.