Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
References
Link | Resource |
---|---|
https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Nov 2024, 18:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:* |
|
First Time |
Craftcms
Craftcms craft Cms |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q - Exploit, Vendor Advisory |
15 Nov 2024, 14:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Nov 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-13 17:15
Updated : 2024-11-19 18:06
NVD link : CVE-2024-52291
Mitre link : CVE-2024-52291
CVE.ORG link : CVE-2024-52291
JSON object : View
Products Affected
craftcms
- craft_cms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')