Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-47129: Remote code execution via front-end form uploads

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

CVE
Open in Source
#php#rce

Package

Affected versions

<4.33.0, <3.4.13

Patched versions

4.33.0, 3.4.13

Description

Impact

On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the “Forms” feature and not just any arbitrary form. This does not affect the control panel.

Patches

It has been patched in 3.4.13 and 4.33.0.

Related news

GHSA-72hg-5wr5-rmfc: Statamic CMS remote code execution via front-end form uploads

### Impact On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. ### Patches It has been patched in 3.4.13 and 4.33.0.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE