cbcvebase.
CVE-2024-52291
published 2024-11-13

CVE-2024-52291: Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file://…

PriorityP343high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.14%
62.6th percentile
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.

Affected

8 ranges
VendorProductVersion rangeFixed in
craftcmscms
craftcmscms
craftcmscms>= 4.0.0-RC1 < 4.12.54.12.5
craftcmscms>= 5.0.0-RC1 < 5.4.65.4.6
craftcmscraft_cms< 4.12.54.12.5
craftcmscraft_cms< 5.4.65.4.6
craftcmscraft_cms
craftcmscraft_cms
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.