Description

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.

Remediation

References

CVE-2024-52291

Related Vulnerabilities

Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-68436)

PHP Out-of-bounds Read Vulnerability (CVE-2018-10549)

Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2024-34364)

Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)

WordPress Plugin wp superb Slideshow 'upload.php' Arbitrary File Upload (2.2)

Severity

High

Classification

CVE-2024-52291 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities