CVE-2024-52600
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-52600 is a path traversal vulnerability affecting versions 5.16.9 and earlier of Statamic, a Laravel and Git-powered content management system. A maliciously crafted asset filename can cause the file to be saved in a location other than the configured one, potentially overwriting existing files. The issue affects front-end forms with `assets` fields, as well as other areas of Statamic where assets can be uploaded. Traversal outside the asset container is not possible, but the vulnerability can still lead to unintended file manipulation. The issue has been remedied in version 5.17.0.
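The following added example (not Statamic's code and not its actual patch) contrasts the weak pattern behind this class of bug with a hardened one that reduces the client-supplied filename to a single path segment before joining it to the configured folder. The folder name, filenames and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Statamic's code. The folder, filenames and all
// function names are constructed for this example.

// Weak pattern: the client-supplied name is joined to the folder unchanged.
function naiveAssetPath(string $folder, string $clientName): string
{
    return trim($folder, '/') . '/' . $clientName;
}

// Hardened pattern: reduce the name to one path segment, then join.
function safeAssetPath(string $folder, string $clientName): string
{
    // Treat backslashes as separators too, then keep only the last segment.
    $name = basename(str_replace('\\', '/', $clientName));
    // Strip NUL and other control characters.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name) ?? '';
    if ($name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('rejected upload filename');
    }
    return trim($folder, '/') . '/' . $name;
}

// Collapse "." and ".." the way a storage layer would, to show where a
// relative path really lands inside the container.
function collapse(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($out); continue; }
        $out[] = $seg;
    }
    return implode('/', $out);
}

$folder = 'forms/uploads';                         // configured upload folder
$names  = ['report.pdf', '../../images/logo.png']; // constructed filenames

foreach ($names as $n) {
    printf("%-24s naive: %-26s safe: %s\n", $n,
        collapse(naiveAssetPath($folder, $n)), safeAssetPath($folder, $n));
}
```

With the naive join, the second name resolves to `images/logo.png`, which is still inside the container but outside the configured folder; the hardened version stores it as `forms/uploads/logo.png`.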