CVE-2023-48217

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 14, 2023

Updated: Nov 22, 2023

CWE ID 434

CWE ID 94

Summary

CVE-2023-48217 is a vulnerability affecting Statamic, a Laravel + Git powered CMS. In exploited versions, maliciously crafted files, disguised as images, can bypass mime type validation during upload. This issue poses a risk for front-end forms and control panel asset upload fields, leaving the system open to code execution by attackers. The flaw has been rectified in versions 3.4.14 and 4.34.0. It is strongly recommended that users upgrade to mitigate this threat; currently, there are no reported workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Statamic

Affected Vendors

Statamic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tY1LJS
https://www.cve.org/CVERecord?id=CVE-2023-48217
https://nvd.nist.gov/vuln/detail/CVE-2023-48217

Back to Vulnerability Database