Описание
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.13 (исключая)Версия от 4.0.0 (включая) до 4.33.0 (исключая)
Одно из
cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*
cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04856
Низкий
8.3 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 8.3
github
около 2 лет назад
Statamic CMS remote code execution via front-end form uploads
EPSS
Процентиль: 89%
0.04856
Низкий
8.3 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434