An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ycjUzLTkyOTUtM204Ns4AA3K4
Statamic CMS vulnerable to remote code execution via form uploads
Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms that use the "Forms" feature and asset upload fields in the control panel.
It has been patched in 3.4.14 and 4.34.0.
Permalink: https://github.com/advisories/GHSA-2r53-9295-3m86
Source: GitHub Advisory Database
Published: 14 days ago
Updated: 6 days ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-2r53-9295-3m86, CVE-2023-48217
Fixed in: 3.4.14, 4.34.0