CVE-2023-48701
CVE-2023-48701 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of MIME validation. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of MIME validation. This applies only to front-end forms that use the "Forms" feature and contain an assets field, or to the control panel, which requires authentication. The issue has been patched in 3.4.15 and 4.36.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Statamic | Statamic | < 3.4.15 |
| Statamic | Statamic | >= 4.0.0, < 4.36.0 |
References
- https://github.com/statamic/cms/releases/tag/v3.4.15 (Release Notes)
- https://github.com/statamic/cms/releases/tag/v4.36.0 (Release Notes)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
