CVE-2024-52293 - Craft CMS Remote Code Execution via Twig SSTI Vulnerability

CVE ID : CVE-2024-52293
Published : Nov. 13, 2024, 4:15 p.m.
Description : Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, a missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via Twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
Severity: 7.2 | HIGH