Vulnerability Description
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Statamic | Statamic | < 3.4.13 |
Related Weaknesses (CWE)
References
- https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75Patch
- https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77Patch
- https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfcVendor Advisory
- https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75Patch
- https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77Patch
- https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfcVendor Advisory
FAQ
What is CVE-2023-47129?
CVE-2023-47129 is a vulnerability with a CVSS score of 8.3 (HIGH). Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be u...
How severe is CVE-2023-47129?
CVE-2023-47129 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-47129?
Check the references section above for vendor advisories and patch information. Affected products include: Statamic Statamic.