CVE-2023-40035: Craft CMS vulnerable to Remote Code Execution via validatePath bypass
A bypass of the validatePath function in Craft CMS can lead to remote code execution. Exploitation is post-authentication and additionally requires the ALLOW_ADMIN_CHANGES setting to be true. Fixed in craftcms/cms 3.8.15 and 4.4.15.
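The practical triage question for this advisory is whether a given deployment is both on an affected release and running with the ALLOW_ADMIN_CHANGES precondition. The following is an added example, not code from Craft CMS or from GitLab's scanner: it reads the craftcms/cms version out of a composer.lock, compares it against the fixed releases named on this page, and checks a .env file for ALLOW_ADMIN_CHANGES. It assumes that every release below 3.8.15 in the 3.x line and below 4.4.15 in the 4.x line is affected (derived from the fixed versions, not from a separately published range), and that the precondition is set through an environment variable literally named ALLOW_ADMIN_CHANGES; the sample lock file and .env contents are constructed for the example.

```python
import json
import re
from typing import Optional, Tuple

# Fixed releases named in the advisory references. The fourth element marks a
# final release (1) so that a pre-release of the same number (0) sorts below it.
# Assumption: all earlier releases in each major line are affected.
FIXED = {3: (3, 8, 15, 1), 4: (4, 4, 15, 1)}


def parse_version(v: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn '4.4.14', 'v4.4.14' or '4.4.15-RC1' into a comparable tuple."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-.]?([A-Za-z]+\d*))?", v)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)  # e.g. 'RC1' or 'beta2'; None for a final release
    return (major, minor, patch, 0 if pre else 1)


def is_vulnerable(version: str) -> bool:
    """True if the version is below the fixed release of its major line."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unparseable version: {version!r}")
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        return False  # major lines not covered by this advisory (e.g. 5.x)
    return parsed < fixed


def craft_version_from_lock(lock_json: str) -> Optional[str]:
    """Return the installed craftcms/cms version from composer.lock content."""
    data = json.loads(lock_json)
    for pkg in data.get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg["version"]
    return None


def admin_changes_allowed(env_text: str) -> bool:
    """True if a .env sets ALLOW_ADMIN_CHANGES to a truthy value.

    Assumption: the variable name matches the advisory text verbatim; Craft's
    own config-loading rules are not reproduced here.
    """
    for line in env_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "ALLOW_ADMIN_CHANGES":
            return val.strip().strip("\"'").lower() in ("1", "true", "yes", "on")
    return False


def assess(lock_json: str, env_text: str) -> str:
    """Combine the version check and the precondition check into one verdict."""
    version = craft_version_from_lock(lock_json)
    if version is None:
        return "craftcms/cms not found in lock file"
    if not is_vulnerable(version):
        return f"{version}: not affected by CVE-2023-40035"
    if admin_changes_allowed(env_text):
        return f"{version}: affected, ALLOW_ADMIN_CHANGES=true (precondition present)"
    return f"{version}: affected, upgrade required (ALLOW_ADMIN_CHANGES not enabled)"


# Constructed sample inputs; not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [{"name": "craftcms/cms", "version": "4.4.14"}]})
SAMPLE_ENV = "CRAFT_ENVIRONMENT=production\nALLOW_ADMIN_CHANGES=true\n"

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_ENV))
```

The two checks are deliberately kept separate: an affected version with ALLOW_ADMIN_CHANGES disabled still needs the upgrade, since the setting is a precondition for this exploit path rather than a fix, but the combined verdict tells an incident responder which hosts to look at first.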
References
- github.com/advisories/GHSA-44wr-rmwq-3phw
- github.com/craftcms/cms
- github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5
- github.com/craftcms/cms/releases/tag/3.8.15
- github.com/craftcms/cms/releases/tag/4.4.15
- github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw
- nvd.nist.gov/vuln/detail/CVE-2023-40035
Code Behaviors & Features
Detect and mitigate CVE-2023-40035 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.