CVE-2024-52600

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 22

Summary

CVE-2024-52600 is a path traversal vulnerability affecting the Statamic content management system (CMS) prior to version 5.17.0. The issue stems from the system's handling of uploaded assets with carefully crafted filenames: assets can be placed in locations other than those configured, potentially causing files to overwrite each other. The flaw impacts front-end forms with `assets` fields, among other areas where files can be uploaded. Attackers need upload permissions to exploit this vulnerability. It is fixed in Statamic version 5.17.0.
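
The class of check that keeps an uploaded file inside its configured directory and prevents overwrites, as an added example; it is not Statamic's code or its 5.17.0 fix, and `resolveUploadTarget` and the sample filenames are hypothetical:

```php
<?php
declare(strict_types=1);

// Hypothetical helper: maps a client-supplied filename to a path that is
// guaranteed to sit directly inside the configured upload directory.
function resolveUploadTarget(string $configuredDir, string $clientName): string
{
    $root = realpath($configuredDir);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('configured upload directory does not exist');
    }

    // Treat "\" as a separator too, then require the name to be a single
    // path component: anything that changes under basename() is rejected.
    $normalized = str_replace('\\', '/', $clientName);
    $name = basename($normalized);
    if ($name !== $normalized || $name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('filename contains path components');
    }
    // NUL and other control bytes can truncate or confuse later path handling.
    if (preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        throw new InvalidArgumentException('filename contains control bytes');
    }

    // Defence in depth: the parent of the final path must be the configured dir.
    $target = $root . DIRECTORY_SEPARATOR . $name;
    if (dirname($target) !== $root) {
        throw new InvalidArgumentException('target escapes upload directory');
    }
    // Refuse to replace an existing file or follow an existing symlink.
    if (file_exists($target) || is_link($target)) {
        throw new RuntimeException('refusing to overwrite existing asset');
    }
    return $target;
}

// Constructed sample inputs, run against a throwaway directory.
$dir = sys_get_temp_dir() . '/assets_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['photo.jpg', '../../config/app.php', '..\\index.php', '..', "a\0.jpg"] as $n) {
    try {
        echo json_encode($n), ' => ', resolveUploadTarget($dir, $n), PHP_EOL;
    } catch (Exception $e) {
        echo json_encode($n), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
rmdir($dir);
```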
