CVE-2024-52291

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*

History

19 Nov 2024, 18:06

Type Values Removed Values Added
CPE cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*
First Time Craftcms
Craftcms craft Cms
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 7.2
References () https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q - () https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q - Exploit, Vendor Advisory

15 Nov 2024, 14:00

Type Values Removed Values Added
Summary
  • (es) Craft es un sistema de gestión de contenido (CMS). Una vulnerabilidad en CraftCMS permite a un atacante eludir la validación del sistema de archivos local mediante un esquema file:// doble (por ejemplo, file://file:////). Esto permite al atacante especificar carpetas confidenciales como sistema de archivos, lo que lleva a una posible sobrescritura de archivos mediante cargas maliciosas, acceso no autorizado a archivos confidenciales y, en determinadas condiciones, ejecución remota de código (RCE) mediante payloads de Server-Side Template Injection (SSTI). Tenga en cuenta que esto solo funcionará si tiene una cuenta de administrador autenticada con allowAdminChanges habilitado. Esto se solucionó en 5.4.6 y 4.12.5.

13 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-13 17:15

Updated : 2024-11-19 18:06


NVD link : CVE-2024-52291

Mitre link : CVE-2024-52291

CVE.ORG link : CVE-2024-52291


JSON object : View

Products Affected

craftcms

  • craft_cms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')