Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-23T20:05:57.455Z
Updated: 2024-08-02T18:24:54.994Z
Reserved: 2023-08-08T13:46:25.245Z
Link: CVE-2023-40035
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-23T21:15:08.300
Modified: 2023-08-29T15:24:48.697
Link: CVE-2023-40035
Redhat
No data.