CVE-2024-52293
HIGHCVSS v3
7.2
HIGH
EPSS Score
17.4%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
Technical Details
- Published
- 11/13/2024
Frequently Asked Questions
What is CVE-2024-52293?
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
Is CVE-2024-52293 actively exploited?
Active exploitation of CVE-2024-52293 has not been confirmed. The EPSS score is 17.4%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-52293?
CVE-2024-52293 has a CVSS v3 base score of 7.2 (HIGH severity).
Is CVE-2024-52293 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.