CVE-2023-47129
published 2023-11-10


Priority: P258
Severity: critical
CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.12% (62.1th percentile)

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Affected

6 ranges

Vendor     Product    Version range         Fixed in
statamic   cms        < 3.4.13              3.4.13
statamic   cms
statamic   cms        >= 0 < 3.4.13         3.4.13
statamic   cms        >= 4.0.0 < 4.33.0     4.33.0
statamic   statamic   < 3.4.13              3.4.13
statamic   statamic   >= 4.0.0 < 4.33.0     4.33.0