Skip to content

Statamic CMS versions <4.33.0 vulnerable to "Remote Code Execution"

Notifications You must be signed in to change notification settings

Cyber-Wo0dy/CVE-2023-47129

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

CVE-2023-47129 - Statamic CMS versions <4.33.0 - Remote Code Execution

Description

In versions <4.33.0 of Statamic CMS where the front-end has a form with active file upload, it is possible to send PHP files created to look like images, regardless of the mime validation rules. This vulnerability allows an attacker to upload arbitrary and potentially dangerous files and even execute server-side scripts.

To Fix

Update Statamic CMS to version 4.33.0.

Steps to Reproduce:

1) In a Statamic CMS installation, create a form and its respective page.

2) In the form blueprint, include an Asset Field and in the “Validation” option select, for example, mimetypes:image/jpeg, mimes:jpg, image.

3) Create a polyglot jpg file with some php script, example:

exiftool -Comment="<?php phpinfo(); ?>" image.jpg

4) Rename this file to image.php.

5) On the form page, upload the created image.php file.

6) Now, to run this file just access https://yoursite.com/assets/image.php

Note: replace https://yoursite.com with the address of your test installation.

Reference

About

Statamic CMS versions <4.33.0 vulnerable to "Remote Code Execution"

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published