CVE-2024-52600

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 22

Summary

CVE-2024-52600 is a path traversal vulnerability affecting version 5.16.9 and earlier of Statamic, a Laravel and Git-powered content management system. Maliciously crafted asset filenames can cause files to be saved in a location other than the one configured, potentially overwriting existing files. This issue impacts front-end forms with `assets` fields, as well as other areas of Statamic where assets can be uploaded. Traversal outside the asset container is not possible, but the vulnerability could still lead to unintended file manipulation. The issue has been remedied in version 5.17.0.
