CVE-2024-52291
published 2024-11-13CVE-2024-52291: Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file://…
PriorityP343high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.14%
62.6th percentile
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | — | — |
| craftcms | cms | — | — |
| craftcms | cms | >= 4.0.0-RC1 < 4.12.5 | 4.12.5 |
| craftcms | cms | >= 5.0.0-RC1 < 5.4.6 | 5.4.6 |
| craftcms | craft_cms | < 4.12.5 | 4.12.5 |
| craftcms | craft_cms | < 5.4.6 | 5.4.6 |
| craftcms | craft_cms | — | — |
| craftcms | craft_cms | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
osv·2024-11-13
CVE-2024-52291 [HIGH] Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
### Summary
A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double `file://` scheme (e.g., `file://file:////`). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads.
Note that this will only work if you have an authenticated administrator account with [allowAdminChanges enabled](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges).
https://craftcms.com/knowledge-b
GHSA
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
ghsa·2024-11-13
CVE-2024-52291 [HIGH] CWE-22 Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
### Summary
A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double `file://` scheme (e.g., `file://file:////`). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads.
Note that this will only work if you have an authenticated administrator account with [allowAdminChanges enabled](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges).
https://craftcms.com/knowledge-b
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-13
Published