Description

Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0.

INFO

Published Date :

2024-11-19T16:30:12.221Z

Last Modified :

2024-12-03T17:18:17.282Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52600 vulnerability.

Vendors Products
Statamic
  • Statamic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52600.

URL Resource
https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d cve-icon cve-icon
https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da cve-icon cve-icon
https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d cve-icon cve-icon
https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact