Arbitrary PHP File Upload Vulnerability in Statmic CMS

Arbitrary PHP File Upload Vulnerability in Statmic CMS

CVE-2023-47129 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Learn more about our Web Application Penetration Testing UK.