PT-2023-30332 · Statamic · Statamic

Cyber-Wo0Dy

Published

2023-11-10

Updated

2023-11-17

CVE-2023-47129

CVSS v3.1

8.3

High

Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Statmic versions prior to 3.4.13 Statmic versions prior to 4.33.0

Description The issue allows PHP files crafted to look like images to be uploaded on front-end forms with an asset upload field, bypassing mime validation rules. This affects forms using the "Forms" feature, but not arbitrary forms, and does not impact the control panel.

Recommendations For versions prior to 3.4.13, update to version 3.4.13 or later. For versions prior to 4.33.0, update to version 4.33.0 or later.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2023-47129

GHSA-72HG-5WR5-RMFC

Affected Products

Statamic

PT-2023-30332 · Statamic · Statamic

CVE-2023-47129

Weakness Enumeration

Related Identifiers

Affected Products

References · 12