Platform
php
Component
craftcms/cms
Fixed in
5.0.1
3.5.14
5.4.9
CVE-2024-52292 is a high-severity vulnerability affecting Craft CMS versions 5.4.8 and earlier. This vulnerability allows attackers with write access to system notification templates to read arbitrary operating system files. By abusing the dataUrl function within these templates, attackers can exfiltrate file content as Base64-encoded strings via triggered system email notifications. A patch is available in version 5.4.9.
The impact of CVE-2024-52292 is significant due to the potential for sensitive data exposure. An attacker who can modify system notification templates can read any file accessible to the web server process. This could include configuration files containing database credentials, API keys, or other sensitive information. Successful exploitation could lead to complete system compromise, data breaches, and unauthorized access to internal resources. The ability to exfiltrate data via email provides a relatively stealthy attack vector, making detection more challenging. This vulnerability shares similarities with other file disclosure vulnerabilities where template engines or data serialization functions are misused to access arbitrary files.
CVE-2024-52292 was publicly disclosed on November 13, 2024. There is currently no indication of active exploitation in the wild, but the availability of a relatively straightforward exploitation technique increases the risk. No public proof-of-concept code has been released as of this writing. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations using Craft CMS in environments where system notification templates are writable by untrusted users are at significant risk. This includes development environments, shared hosting environments, and deployments with overly permissive file permissions. Sites relying on Craft CMS for sensitive data processing or storage are particularly vulnerable.
• php / server: find /path/to/craft/templates -name '*notification.php*' -print0 | xargs -0 grep -i 'dataUrl\('
• php / server: journalctl -u php-fpm -f | grep -i "dataUrl"
• generic web: Inspect system notification email content for Base64-encoded strings that might represent file contents.
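The two checks above (a dataUrl() call handed a literal filesystem path in a notification template, and a Base64 data URL in an outgoing notification that decodes to something resembling a config file) can be automated. The script below is an added defender-side example, not part of this advisory or of Craft CMS; the template and e-mail samples are constructed, the function names are hypothetical, and it assumes only that the templates pass a quoted string as the first dataUrl() argument, as described above.

```python
import base64
import re

# Constructed sample template: one normal asset-based call and one call given a
# literal filesystem path (the misuse this advisory describes). Not real Craft code.
SAMPLE_TEMPLATE = """
<p>Your export is attached.</p>
<img src="{{ dataUrl(asset) }}">
<p>{{ dataUrl('/var/www/craft/.env', 'text/plain') }}</p>
"""

# Constructed sample notification body carrying a Base64 data URL of a .env-like file.
SAMPLE_EMAIL = (
    "Hello,\n<p>data:text/plain;base64,"
    + base64.b64encode(b"CRAFT_APP_ID=x\nDB_PASSWORD=hunter2\n").decode()
    + "</p>"
)

# dataUrl() whose first argument is a quoted literal; the path test is applied below.
SUSPICIOUS_CALL = re.compile(r"""dataUrl\(\s*(['"])([^'"]+)\1""")
# Inline data URL with a Base64 payload (16+ chars avoids matching tiny icons/noise).
DATA_URL = re.compile(r"data:[\w/.+-]+;base64,([A-Za-z0-9+/=]{16,})")
# Strings that mark a decoded blob as a config file or source rather than an image.
SECRET_MARKERS = ("DB_PASSWORD", "SECURITY_KEY", "<?php", "BEGIN RSA PRIVATE KEY")


def suspicious_dataurl_calls(template_src):
    """Return (line_no, argument) for dataUrl() calls given a literal file path."""
    hits = []
    for no, line in enumerate(template_src.splitlines(), 1):
        for m in SUSPICIOUS_CALL.finditer(line):
            arg = m.group(2)
            # Absolute paths, traversal, or Yii-style aliases such as @root are not assets.
            if arg.startswith("/") or ".." in arg or arg.startswith("@"):
                hits.append((no, arg))
    return hits


def leaked_file_blobs(email_body):
    """Decode Base64 data URLs in a notification body; return marker lists for text
    payloads that look like configuration or source files."""
    findings = []
    for m in DATA_URL.finditer(email_body):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # binary (e.g. a real image) or malformed payload: not a text file
        markers = [s for s in SECRET_MARKERS if s in text]
        if markers:
            findings.append(markers)
    return findings
```

Run suspicious_dataurl_calls over each template file found by the find command above, and leaked_file_blobs over the bodies of notifications captured from the mail log or a mail sink.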
disclosure
Exploit Status
EPSS
0.32% (55th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2024-52292 is to upgrade Craft CMS to version 5.4.9 or later, which includes the fix. If upgrading immediately is not possible, restrict write access to system notification templates to authorized users only. Implement strict input validation and sanitization on any user-provided data used in template rendering. Consider using a Web Application Firewall (WAF) to detect and block requests containing suspicious patterns related to file access. Monitor system logs for unusual activity, particularly related to email notifications and file access attempts. After upgrade, confirm the fix by attempting to trigger a system notification with a template containing the vulnerable dataUrl function and verifying that file access is denied.
Update Craft CMS to version 5.4.9 or later, or to version 4.12.8 or later. This fixes the vulnerability that allows arbitrary files to be read. The update can be performed through the Craft CMS control panel or via Composer.
CVE-2024-52292 is a high-severity vulnerability in Craft CMS versions 5.4.8 and earlier that allows attackers to read arbitrary operating system files by abusing notification templates.
You are affected if you are using Craft CMS version 5.4.8 or earlier and have users with write access to system notification templates.
Upgrade Craft CMS to version 5.4.9 or later to remediate the vulnerability. Restrict write access to notification templates as an interim measure.
There is currently no indication of active exploitation in the wild, but the vulnerability is considered high-risk due to the ease of exploitation.
Refer to the official Craft CMS security advisory: [https://craftcms.com/support/security](https://craftcms.com/support/security)