Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2024-52291 - Vulnerability Database

Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2024-52291

High
Reference: CVE-2024-52291
Title: Craft CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g. file://file:////). This enables the attacker to specify sensitive folders as the file system leading to potential file overwriting through malicious uploads unauthorized access to sensitive files and under certain conditions remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.