An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3
Statamic CMS remote code execution via front-end form uploads
On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of MIME validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel.
It has been patched in 3.4.13 and 4.33.0.
Permalink: https://github.com/advisories/GHSA-72hg-5wr5-rmfc
Source: GitHub Advisory Database
Published: 16 days ago
Updated: 16 days ago
CVSS Score: 8.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Identifiers: GHSA-72hg-5wr5-rmfc, CVE-2023-47129
Fixed in: 3.4.13, 4.33.0