CVE-2024-24570
PHP vulnerability analysis and mitigation

Overview

Statamic, a Laravel- and Git-powered CMS, contains a stored cross-site scripting (XSS) vulnerability tracked as CVE-2024-24570. An HTML file can be uploaded under a .jpg name and later rendered in the browser of a control panel user, so attacker-supplied script runs in that user's session. The affected upload paths are front-end forms with asset fields that lack MIME type validation, asset fields in the control panel, and the asset browser in the control panel. The issue was discovered on January 6, 2024, by Niklas Schilling of SEC Consult Vulnerability Lab (SEC Advisory, GitHub Advisory).

Technical details

An attacker bypasses the file extension restriction by uploading an HTML file whose name ends in .jpg. The declared extension passes the allowlist. Statamic then inspects the file's content, correctly recognises it as HTML, and replaces the .jpg extension with .html. That newly assigned extension is never checked against the allowlist, so the HTML file is stored and listed as a valid submission on Statamic's Forms page. When an authenticated control panel user opens the submission, the file is rendered in the browser and any JavaScript it contains executes with that user's session. Affected versions are 4.x below 4.46.0 and 3.x below 3.4.17. The CVSS v3.1 base score is 8.2 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (GitHub Advisory).
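The flaw in concrete form, as an added example that is not Statamic's code and is not taken from either advisory: a Python model of an upload handler that allowlists the declared extension and then stores the file under the extension found by sniffing its content (the flawed pattern described above), next to a hardened handler that refuses the upload unless the declared extension, the sniffed type and the allowlist all agree. The magic-byte sniffer, the sample payloads and the serve_headers helper are constructed for illustration; serve_headers goes beyond the vendor's patch and shows the defence-in-depth step of never letting the browser decide the type of a stored upload.

```python
"""
Extension-only upload validation (the flawed pattern) next to a check that
requires the declared extension, the sniffed content type and the allowlist
to agree. Constructed illustration of the bug class; not Statamic's code.
"""
import os
import re
from typing import Optional, Tuple

# Constructed sample uploads (not taken from the advisory).
HTML_AS_JPG = (b"<!DOCTYPE html><html><body>"
               b"<script>alert(document.cookie)</script></body></html>")
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

ALLOWED_IMAGE_EXTENSIONS = {"jpg", "png", "gif"}
ALIASES = {"jpeg": "jpg"}          # normalise before comparing
CONTENT_TYPES = {"jpg": "image/jpeg", "png": "image/png", "gif": "image/gif"}

_HTML_START = re.compile(rb"^\s*<(?:!doctype\s+html|html|head|body|script)\b",
                         re.IGNORECASE)


def sniff_extension(data: bytes) -> Optional[str]:
    """Decide the type from leading bytes, as a MIME sniffer would.
    Mirrors the behaviour described on this page: the content, not the name, wins."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if _HTML_START.match(data[:512]):
        return "html"
    return None


def declared_extension(filename: str) -> str:
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ALIASES.get(ext, ext)


def _stem(filename: str) -> str:
    return os.path.splitext(os.path.basename(filename))[0]


def vulnerable_accept(filename: str, data: bytes) -> Tuple[bool, str]:
    """Flawed pattern: validate the declared extension, then store the file
    under the sniffed extension without validating that one.
    'payload.jpg' containing HTML is accepted and stored as 'payload.html'."""
    declared = declared_extension(filename)
    if declared not in ALLOWED_IMAGE_EXTENSIONS:
        return False, f"rejected: .{declared} not allowed"
    stored_ext = sniff_extension(data) or declared   # no second check here
    return True, f"{_stem(filename)}.{stored_ext}"


def hardened_accept(filename: str, data: bytes) -> Tuple[bool, str]:
    """Declared extension, sniffed type and allowlist must all agree;
    otherwise the upload is refused rather than silently renamed."""
    declared = declared_extension(filename)
    if declared not in ALLOWED_IMAGE_EXTENSIONS:
        return False, f"rejected: .{declared} not allowed"
    sniffed = sniff_extension(data)
    if sniffed is None:
        return False, "rejected: content not recognised as an allowed image"
    if ALIASES.get(sniffed, sniffed) != declared:
        return False, f"rejected: content is .{sniffed} but name says .{declared}"
    return True, f"{_stem(filename)}.{declared}"


def serve_headers(stored_name: str) -> dict:
    """Defence in depth when serving uploads (beyond the vendor patch):
    the Content-Type comes from the validated extension, never from the
    browser's guess, and anything unexpected is offered as a download."""
    ext = declared_extension(stored_name)
    content_type = CONTENT_TYPES.get(ext, "application/octet-stream")
    disposition = "inline" if ext in CONTENT_TYPES else "attachment"
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'{disposition}; filename="{os.path.basename(stored_name)}"',
    }


if __name__ == "__main__":
    for name, data in (("payload.jpg", HTML_AS_JPG), ("photo.jpeg", JPEG_SAMPLE)):
        print(name, "vulnerable:", vulnerable_accept(name, data),
              "hardened:", hardened_accept(name, data))
```

Running the file shows payload.jpg accepted and stored as payload.html by the flawed path and rejected by the hardened one. The hardened check rejects a mismatch outright instead of renaming, because the rename is exactly the step that produced an unchecked extension here; serve_headers then ensures that even a mis-stored .html file is offered as an octet-stream download rather than rendered in the site's origin.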

Impact

The XSS can be chained into account takeover. Script in a malicious file that an admin user views runs in that admin's session and can read the CSRF token, user information and a password reset code from the control panel. With those values the attacker resets the victim's password and takes control of the account (SEC Advisory).

Mitigation and workarounds

The vulnerability is patched in Statamic 4.46.0 and 3.4.17. Alongside the upload fix, the vendor disabled the "copy password reset link" functionality in the control panel while keeping the ability to trigger password reset emails, so that script running in an admin's session can no longer obtain a reset link. Update to a patched version immediately. The vendor also recommends a correctly configured Content Security Policy (CSP), as described in Statamic's documentation, which limits what any injected script can do (GitHub Advisory).
