CVE-2024-52292

Published: Nov 13, 2024

Modified: Nov 13, 2024

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.

Vendor	Product	Versions
craftcms	cms	affected `>= 5.0.0-alpha.1, < 5.4.9` affected `>= 3.5.13, < 4.12.8`

Weaknesses (CWE)

CWE-552

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-52292

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References