CVE-2023-47129 Information

Description

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0 on front-end forms with an asset upload field PHP files crafted to look like images may be uploaded. This only affects forms using the \Forms\ feature and not just any arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

Reference

https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75 https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77