Path Traversal Vulnerability in Statamic CMS by Statamic
CVE-2024-52600
Currently unrated
What is CVE-2024-52600?
A path traversal vulnerability exists in Statamic CMS prior to version 5.17.0: specially crafted filenames supplied during asset uploads can cause files to be stored in unintended locations. The flaw primarily affects front-end forms that allow asset uploads. Users must have upload permissions, but the risk remains because uploaded files can potentially overwrite existing files on the server. Fortunately, traversal outside the designated asset containers is not possible, and the vulnerability has been addressed in version 5.17.0.
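The class of check that keeps an uploaded filename inside its intended folder and prevents overwrites, as an added PHP example (this is not Statamic's code or its 5.17.0 fix). The function names `safeUploadName` and `storeUpload`, the directory layout and the sample filenames are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Statamic code; function names and paths are hypothetical.

/** Reduce a client-supplied name to a bare filename, or null if nothing usable remains. */
function safeUploadName(string $clientName): ?string
{
    // Normalise Windows separators, then keep only the final path segment.
    $name = basename(str_replace('\\', '/', $clientName));
    // Strip control characters, NUL included.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name) ?? '';
    return ($name === '' || $name === '.' || $name === '..') ? null : $name;
}

/** Write $bytes into $folder under a sanitised name; returns the path, or null on refusal. */
function storeUpload(string $folder, string $clientName, string $bytes): ?string
{
    $root = realpath($folder);
    $name = safeUploadName($clientName);
    if ($root === false || $name === null) {
        return null;
    }
    $target = $root . DIRECTORY_SEPARATOR . $name;
    // Mode "x" creates the file and fails if it already exists, so an upload
    // can never replace an existing file, even under a race.
    $handle = @fopen($target, 'xb');
    if ($handle === false) {
        return null;
    }
    fwrite($handle, $bytes);
    fclose($handle);
    return $target;
}

// Constructed demo: a throwaway "container" with an upload folder and an existing asset.
$container = sys_get_temp_dir() . '/container-' . bin2hex(random_bytes(4));
mkdir("$container/forms/uploads", 0700, true);
mkdir("$container/site", 0700, true);
file_put_contents("$container/site/logo.png", 'original');

foreach (['photo.png', '../../site/logo.png', '..\\..\\site\\logo.png', '..'] as $name) {
    $stored = storeUpload("$container/forms/uploads", $name, 'uploaded');
    printf("%-24s => %s\n", $name, $stored ?? 'refused');
}
// The asset outside the upload folder is untouched.
var_dump(file_get_contents("$container/site/logo.png") === 'original');
```

Both traversal-style names are reduced to `logo.png` inside the upload folder: the first is stored there, and the second is refused because that file now exists.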
