CVE-2024-52292

Опубликовано: 13 нояб. 2024

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

EPSS Низкий

Описание

Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.

Ссылки

https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия от 3.5.13 (включая) до 4.12.8 (исключая)

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.4.9 (исключая)

EPSS

Процентиль: 54%

0.00315

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-cw6g-qmjq-6w2w

CVSS3: 7.7

github

около 1 года назад

Craft CMS Arbitrary System File Read

EPSS

Процентиль: 54%

0.00315

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22