PT-2024-35157 · Craft Cms · Craft Cms

Senzee1984 · Published 2024-11-13 · Updated 2024-11-19 · CVE-2024-52291

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CraftCMS versions prior to 4.12.5; CraftCMS versions prior to 5.4.6

Description: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by using a double file:// scheme. This lets the attacker designate sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. The issue is exploitable if an authenticated administrator account with allowAdminChanges enabled is compromised.

Recommendations: For CraftCMS versions prior to 4.12.5, update to version 4.12.5 or later to fix the vulnerability. For CraftCMS versions prior to 5.4.6, update to version 5.4.6 or later to fix the vulnerability. As a temporary workaround, consider setting allowAdminChanges to false in production to minimize the risk of exploitation. Restrict access to sensitive folders and files to prevent unauthorized access and potential file overwriting. Avoid using the double file:// scheme in file system paths to prevent bypassing local file system validation.
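The description above names the mechanism (a stacked file:// prefix slipping past a local file system base-path check) but not the shape of the check. The following is an added, constructed illustration, not Craft CMS code and not its actual validator: a naive validator that strips one scheme prefix before testing containment (weak_validate), a model of a lower layer that keeps stripping (downstream_effective_path), and a hardened validator that rejects any scheme, requires an absolute path, canonicalises it and enforces containment in an allowed root (hardened_validate). ALLOWED_ROOT and all function names are assumptions for this example.

```python
import os
import re
from typing import Optional

# Constructed allowed root for this example; it does not model Craft's real config.
ALLOWED_ROOT = "/var/www/storage"

# Matches any URI scheme prefix such as "file://", "php://", "s3://".
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")


def strip_one_scheme(path: str) -> str:
    """Naive normalisation: remove a single leading file:// prefix (constructed weak pattern)."""
    return path[len("file://"):] if path.startswith("file://") else path


def weak_validate(path: str, root: str = ALLOWED_ROOT) -> bool:
    """Single-strip containment check (constructed weak pattern).

    After one strip, 'file://file:///etc' becomes 'file:///etc', which is a relative
    name and therefore resolves *inside* root, so the check passes even though a
    later layer that strips again would operate on '/etc'.
    """
    candidate = strip_one_scheme(path)
    root_resolved = os.path.realpath(root)
    resolved = os.path.realpath(os.path.join(root_resolved, candidate))
    return resolved == root_resolved or resolved.startswith(root_resolved + os.sep)


def downstream_effective_path(path: str) -> str:
    """Models a lower layer that strips file:// until none remains (constructed)."""
    while path.startswith("file://"):
        path = path[len("file://"):]
    return path


def hardened_validate(path: str, root: str = ALLOWED_ROOT) -> Optional[str]:
    """Hardened check: returns the canonical path if acceptable, otherwise None.

    Rules: no scheme anywhere in the value (a local file system path never needs one),
    no NUL bytes, absolute path only, canonicalised with realpath, and the result must
    be the allowed root or a descendant of it.
    """
    if SCHEME_RE.match(path) or "://" in path or "\x00" in path:
        return None
    if not os.path.isabs(path):
        return None
    root_resolved = os.path.realpath(root)
    resolved = os.path.realpath(path)
    if resolved != root_resolved and not resolved.startswith(root_resolved + os.sep):
        return None
    return resolved


if __name__ == "__main__":
    stacked = "file://file:///etc"  # constructed input, the pattern the advisory describes
    print("weak check accepts stacked prefix:", weak_validate(stacked))
    print("path a double-stripping layer would use:", downstream_effective_path(stacked))
    print("hardened check result:", hardened_validate(stacked))
    print("hardened check on a legitimate subfolder:",
          hardened_validate(os.path.join(ALLOWED_ROOT, "uploads")))
```

The important design point is that the hardened version refuses the value as soon as any scheme text is present rather than trying to strip it: stripping invites the "strip once here, strip again later" mismatch between layers, whereas rejection plus canonicalisation and containment leaves no second interpretation for a lower layer to apply.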

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-01099
CVE-2024-52291
GHSA-JRH5-VHR9-QH7Q

Affected Products

Craft Cms