CVE-2023-47129
Statamic CMS remote code execution via front-end form uploads
CVSS 3.1 score: 8.3 (HIGH); EPSS: 6.0%
Description
Impact
On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel.
Patches
It has been patched in 3.4.13 and 4.33.0.
How to fix CVE-2023-47129
To remediate CVE-2023-47129, upgrade the affected package to a fixed version below.
- Upgrade to 4.33.0 or later
Is CVE-2023-47129 being exploited?
Moderate — EPSS is 6.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- >= 4.0.0, < 4.33.0
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |