CVE-2023-47129

Published: 10/11/2023 Updated: 17/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Vulnerable Product

statamic statamic

Github Repositories

Statamic CMS versions <4.33.0 vulnerable to "Remote Code Execution"

CVE-2023-47129 - Statamic CMS versions <4.33.0 - Remote Code Execution

Description

In versions <4.33.0 of Statamic CMS where the front-end has a form with active file upload, it is possible to send PHP files created to look like images, regardless of the MIME validation rules. This vulnerability allows an attacker to upload arbitrary and potentially dangerous file