Vulnerability Description
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Craftcms | Craft Cms | < 4.12.5 |
Related Weaknesses (CWE)
References
- https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7qExploitVendor Advisory
FAQ
What is CVE-2024-52291?
CVE-2024-52291 is a vulnerability with a CVSS score of 8.4 (HIGH). Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This en...
How severe is CVE-2024-52291?
CVE-2024-52291 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-52291?
Check the references section above for vendor advisories and patch information. Affected products include: Craftcms Craft Cms.