CVE-2023-47129

Description

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-47129
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2023-47129
CVSS Score: 8.3
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Cyber-Wo0dy

Statamic CMS versions <4.33.0 vulnerable to "Remote Code Execution"

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept