Home > Vulnerability Database > CVE-2023-47129

Mend.io Vulnerability Database

CVE-2023-47129

Date: November 10, 2023

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Language: PHP

Severity Score

8.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-47129

Url: https://github.com/statamic/cms

Url: https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75

Url: https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77

Url: https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc

Url: https://www.mend.io/vulnerability-database/CVE-2023-47129

Severity Score

8.3

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-47129

Date: November 10, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?