CVE-2023-47129— Statamic CMS remote code execution via front-end form uploads

Statamic CMS remote code execution via front-end form uploads

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

危险类型文件的不加限制上传

Statamic 代码问题漏洞

Statamic是美国Statamic公司的一个基于 Laravel 构建的强大的平面文件 Cms。用于将所有内容、模板、资产和设置存储在文件而不是数据库中。 Statamic存在安全漏洞，该漏洞源于允许攻击者通过asset upload字段上传精心制作的PHP文件。受影响的产品和版本：Statmic 3.4.13之前版本，4.33.0之前版本，

N/A

N/A