PT-2024-35397 · Statamic · Statamic

Samschroderbsg · Published 2024-11-19 · Updated 2024-11-20 · CVE-2024-52600

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.17.0
Description: Assets uploaded with specially crafted filenames can be written to a location other than the configured one. This affects front-end forms with assets fields and any other area where assets can be uploaded, and it can potentially overwrite existing files on the server. Traversal outside the asset container is not possible.
Recommendations: For versions prior to 5.17.0, update to version 5.17.0, which resolves the issue. As a temporary workaround, restrict upload permissions to minimize the risk of exploitation, and restrict access to the areas where assets can be uploaded to reduce the potential impact.
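As an added illustration of the mitigation class involved (this is not Statamic's own code or its 5.17.0 fix), the following check reduces an uploaded filename to its last path component and confirms the resolved path stays inside the configured folder, so a crafted name cannot land elsewhere or overwrite a file it should not. The container path and filenames are constructed examples.

```python
import os
from pathlib import PurePosixPath

# Constructed example: the configured upload folder inside an asset container.
CONTAINER_ROOT = "/var/www/assets/uploads"


class UnsafeFilename(ValueError):
    """Raised when an uploaded filename would escape the configured folder."""


def safe_upload_path(container_root: str, filename: str) -> str:
    """Return the absolute path where `filename` may be written, or raise.

    Checks, in order:
      1. reject control characters (NUL in particular) outright;
      2. keep only the final path component, so any directory part supplied
         by the client ("../", "sub/") is discarded rather than honoured;
      3. reject names that are empty or pure dot-segments after stripping;
      4. resolve the result and confirm it is still inside container_root.
    """
    if any(ord(c) < 32 for c in filename):
        raise UnsafeFilename("control character in filename")
    # Treat backslashes as separators too, then take the last component only.
    basename = PurePosixPath(filename.replace("\\", "/")).name
    if basename in ("", ".", ".."):
        raise UnsafeFilename("filename has no usable component")
    root = os.path.realpath(container_root)
    target = os.path.realpath(os.path.join(root, basename))
    # Containment check: even after stripping, the resolved path must sit
    # directly under the configured folder.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeFilename("resolved path escapes the container")
    return target


def is_rejected(filename: str) -> bool:
    """True if the upload name would be refused by safe_upload_path."""
    try:
        safe_upload_path(CONTAINER_ROOT, filename)
    except UnsafeFilename:
        return True
    return False
```

A name such as `../../config/site.yaml` is stored as `site.yaml` inside the configured folder instead of being written where the directory part points.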

Path traversal
Weakness Enumeration

Related Identifiers

CVE-2024-52600
GHSA-P7F6-8MCM-FWV3

Affected Products

Statamic