Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions, certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-14T21:38:37.590Z
Updated: 2024-08-30T14:03:24.570Z
Reserved: 2023-11-13T13:25:18.479Z
Link: CVE-2023-48217
Vulnrichment
Updated: 2024-08-02T21:23:39.132Z
NVD
Status: Modified
Published: 2023-11-14T22:15:31.577
Modified: 2024-11-21T08:31:13.740
Link: CVE-2023-48217