CVE-2023-47129 - OpenCVE

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Statamic	Statamic

Configuration 1 [-]

OR	cpe:2.3:a:statamic:statamic::::::::
	cpe:2.3:a:statamic:statamic::::::::

No data.

References

Link	Providers
https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-10T18:48:03.265Z

Updated: 2024-09-03T17:24:55.886Z

Reserved: 2023-10-30T19:57:51.677Z

Link: CVE-2023-47129

Vulnrichment

Updated: 2024-08-02T21:01:22.814Z

NVD

Status : Analyzed

Published: 2023-11-10T19:15:16.617

Modified: 2023-11-17T17:15:02.653

Link: CVE-2023-47129

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47129", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.677Z", "datePublished": "2023-11-10T18:48:03.265Z", "dateUpdated": "2024-09-03T17:24:55.886Z"}, "containers": {"cna": {"title": "Statamic CMS remote code execution via front-end form uploads", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc"}, {"name": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "tags": ["x_refsource_MISC"], "url": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75"}, {"name": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "tags": ["x_refsource_MISC"], "url": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77"}], "affected": [{"vendor": "statamic", "product": "cms", "versions": [{"version": "< 3.4.13", "status": "affected"}, {"version": ">= 4.0.0, < 4.33.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T18:48:03.265Z"}, "descriptions": [{"lang": "en", "value": "Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the \"Forms\" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.\n"}], "source": {"advisory": "GHSA-72hg-5wr5-rmfc", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.814Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc"}, {"name": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75"}, {"name": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77"}]}, {"affected": [{"vendor": "statamic", "product": "cms", "cpes": ["cpe:2.3:a:statamic:cms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.4.13", "versionType": "custom"}, {"version": "4.0.0", "status": "affected", "lessThan": "4.33.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T17:21:20.779648Z", "id": "CVE-2023-47129", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T17:24:55.886Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "name": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "name": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "name": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.814Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-03T17:21:20.779648Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:statamic:cms:*:*:*:*:*:*:*:*"], "vendor": "statamic", "product": "cms", "versions": [{"status": "affected", "version": "0", "lessThan": "3.4.13", "versionType": "custom"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.33.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T17:24:40.897Z"}}], "cna": {"title": "Statamic CMS remote code execution via front-end form uploads", "source": {"advisory": "GHSA-72hg-5wr5-rmfc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "statamic", "product": "cms", "versions": [{"status": "affected", "version": "< 3.4.13"}, {"status": "affected", "version": ">= 4.0.0, < 4.33.0"}]}], "references": [{"url": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "name": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "name": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "name": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the \"Forms\" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T18:48:03.265Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47129", "state": "PUBLISHED", "dateUpdated": "2024-09-03T17:24:55.886Z", "dateReserved": "2023-10-30T19:57:51.677Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-10T18:48:03.265Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2755BEC-12A8-4B61-9C45-54C8A4C0B5F6", "versionEndExcluding": "3.4.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D3DF89-2CCF-4A98-8EC7-9C02324CB93C", "versionEndExcluding": "4.33.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the \"Forms\" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.\n"}, {"lang": "es", "value": "Statmic es un paquete Composer central del sistema de gesti\u00f3n de contenidos Laravel. Antes de las versiones 3.4.13 y 4.33.0, en los formularios frontales con un campo de carga de activos, se pod\u00edan cargar archivos PHP manipulados para que parecieran im\u00e1genes. Esto s\u00f3lo afecta a los formularios que utilizan la funci\u00f3n \"Formularios\" y no s\u00f3lo a cualquier formulario arbitrario. Esto no afecta al panel de control. Este problema se solucion\u00f3 en 3.4.13 y 4.33.0."}], "id": "CVE-2023-47129", "lastModified": "2023-11-17T17:15:02.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-10T19:15:16.617", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Secondary"}]}