CVE-2023-48701

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 21, 2023

Updated: Nov 30, 2023

CWE ID 79

Summary

CVE-2023-48701 affects Statamic CMS, a Laravel and Git-powered content management system. In versions prior to 3.4.15 and 4.36.0, the system failed to properly validate the mime type of uploaded files. Maliciously crafted HTML files, disguised as images, could be uploaded. This vulnerability only impacts front-end forms with an "assets" field or the control panel, both requiring authentication. The issue has been remedied in versions 3.4.15 and 4.36.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Statamic

Affected Vendors

Statamic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tdDEJJ
https://www.cve.org/CVERecord?id=CVE-2023-48701
https://nvd.nist.gov/vuln/detail/CVE-2023-48701

Back to Vulnerability Database