CVE-2023-48217
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
Statamic CMS vulnerable to remote code execution via form uploads
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | statamic/cms | >=4.0.0,<4.34.0 | 4.34.0 |
| Packagist | statamic/cms | <3.4.14 | 3.4.14 |
References
- https://github.com/statamic/cms/security/advisories/GHSA-2r53-9295-3m86
- https://nvd.nist.gov/vuln/detail/CVE-2023-48217
- https://github.com/statamic/cms/pull/8991
- https://github.com/statamic/cms/pull/8992
- https://github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411
- https://github.com/statamic/cms/commit/da28afde818d605179fbb63b96eabafabad876b6
- https://github.com/statamic/cms
- https://github.com/statamic/cms/releases/tag/v3.4.14
- https://github.com/statamic/cms/releases/tag/v4.34.0