CVE-2024-52292Path Traversal in Craft CMS

CWE-22Path TraversalCWE-552Files or Directories Accessible to External Parties4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
0.4%
top 37.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Craftcms Craft CMSCraftcms CMS
Timeline
PublishedNov 13

Description

Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be dec

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Packagistcraftcms/cms5.0.0-alpha.15.4.9+1
NVDcraftcms/craft_cms3.5.134.12.8+1
CVEListV5craftcms/cms>= 3.5.13, < 4.12.8, >= 5.0.0-alpha.1, < 5.4.9+1

🔴Vulnerability Details

3
CVEList
Craft Allows Attackers to Read Arbitrary System Files2024-11-13
OSV
Craft CMS Arbitrary System File Read2024-11-13
GHSA
Craft CMS Arbitrary System File Read2024-11-13
CVE-2024-52292 — Path Traversal in Craftcms Craft CMS | cvebase