CVE-2024-52291
📋 TL;DR
CVE-2024-52291 is a path traversal vulnerability in CraftCMS that allows authenticated administrators to bypass local file system validation using a double file:// scheme. This enables attackers to specify sensitive folders, potentially leading to file overwriting, unauthorized file access, and remote code execution via Server-Side Template Injection. Only systems with authenticated administrator accounts and allowAdminChanges enabled are affected.
💻 Affected Systems
- CraftCMS
📦 What is this software?
Craft Cms by Craftcms
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution through SSTI payloads leading to complete system compromise, data exfiltration, and persistent backdoor installation.
Likely Case
Unauthorized access to sensitive files and potential file overwriting in web-accessible directories.
If Mitigated
Limited impact with proper access controls, file permissions, and monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated administrator credentials and the allowAdminChanges setting enabled; no public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.4.6 or 4.12.5
Vendor Advisory: https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q
Restart Required: No
Instructions:
1. Back up your CraftCMS installation and database.
2. Update to CraftCMS 5.4.6 (for Craft 5) or 4.12.5 (for Craft 4).
3. Verify the update completed successfully.
4. Test core functionality.
🔧 Temporary Workarounds
Disable allowAdminChanges
Set allowAdminChanges to false in config/general.php to prevent admin panel changes that could trigger the vulnerability:
'allowAdminChanges' => false
Restrict Admin Access
Implement strict access controls for admin accounts and require multi-factor authentication, since the vulnerability is only reachable by an authenticated administrator.
🧯 If You Can't Patch
- Disable allowAdminChanges setting in configuration
- Implement strict file system permissions and monitor for unusual file access patterns
🔍 How to Verify
Check if Vulnerable:
Check the CraftCMS version (vulnerable if below 5.4.6 on Craft 5 or below 4.12.5 on Craft 4) and verify whether allowAdminChanges is enabled in config/general.php
Check Version:
Check CraftCMS version in admin panel or via composer show craftcms/cms
Verify Fix Applied:
Confirm version is 5.4.6 or higher (Craft 5) or 4.12.5 or higher (Craft 4)
📡 Detection & Monitoring
Log Indicators:
- Unusual file://file://// patterns in request logs
- Admin panel file upload attempts with unusual paths
- SSTI payload patterns in file content
Network Indicators:
- Admin panel file upload requests with double file:// schemes
SIEM Query:
source="web_logs" AND ("file://file:////" OR ("allowAdminChanges" AND file_upload))
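The log indicator above, turned into a small detector that runs over web-server access logs and a helper that checks whether an installed Craft version carries the fix. This is an added example, not code from the advisory or from Craft CMS; the log lines are constructed, the /admin/... paths are placeholders rather than Craft's real routes, and the version helper only knows the 4.x and 5.x fix releases stated on this page.

```python
import re
from urllib.parse import unquote

# The double file:// scheme named in the advisory's log indicators
# (file://file:////...), tolerating extra slashes and mixed case.
DOUBLE_FILE_SCHEME = re.compile(r"file:/{2,}file:/{2,}", re.IGNORECASE)

# Combined-log-format request line: client, user, timestamp, method, target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines; the /admin/... paths are placeholders, not real Craft routes.
SAMPLE_LOGS = [
    '10.0.0.5 - admin [01/Dec/2024:10:00:01 +0000] "POST /admin/volumes/save HTTP/1.1" 200 512',
    '10.0.0.5 - admin [01/Dec/2024:10:00:09 +0000] "POST /admin/volumes/save?path=file://file:////var/www/web HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Dec/2024:10:01:00 +0000] "GET /admin/volumes/save?path=file%3A%2F%2Ffile%3A%2F%2F%2F%2Fetc HTTP/1.1" 403 0',
    '10.0.0.9 - - [01/Dec/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]


def find_double_file_scheme(line):
    """Describe the request if its target carries the double file:// scheme, else return None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    # Decode twice so URL-encoded and double-encoded variants are caught as well.
    target = unquote(unquote(m["target"]))
    if not DOUBLE_FILE_SCHEME.search(target):
        return None
    return {"ip": m["ip"], "user": m["user"], "method": m["method"], "target": target,
            "status": int(m["status"]), "admin_path": target.startswith("/admin")}


def scan_logs(lines):
    """Run the indicator over every line and keep only the hits."""
    return [hit for hit in map(find_double_file_scheme, lines) if hit]


def is_fixed_version(version):
    """True when a Craft 4/5 version is at or above the patched release (4.12.5 / 5.4.6)."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    fixed = {4: (4, 12, 5), 5: (5, 4, 6)}.get(major)
    return fixed is not None and (major, minor, patch) >= fixed
```

A hit with status 200 from an authenticated admin user deserves more attention than a 403 from an anonymous client, which is why the detector keeps both fields.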