Vulnerability details: VCID-rnrk-n64t-ybhw
Vulnerability ID VCID-rnrk-n64t-ybhw
Aliases CVE-2023-47129
GHSA-72hg-5wr5-rmfc
Summary Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
epss 0.05963 https://api.first.org/data/v1/epss?cve=CVE-2023-47129
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-72hg-5wr5-rmfc
cvssv3.1 8.3 https://github.com/statamic/cms
generic_textual HIGH https://github.com/statamic/cms
cvssv3.1 8.3 https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
cvssv3.1 8.4 https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
generic_textual HIGH https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
ssvc Track https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
cvssv3.1 8.3 https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
cvssv3.1 8.4 https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
generic_textual HIGH https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
ssvc Track https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
cvssv3.1 8.3 https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
cvssv3.1 8.4 https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
cvssv3.1_qr HIGH https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
generic_textual HIGH https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
ssvc Track https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
cvssv3.1 8.3 https://nvd.nist.gov/vuln/detail/CVE-2023-47129
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-47129
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/statamic/cms
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T17:21:20Z/ Found at https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T17:21:20Z/ Found at https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T17:21:20Z/ Found at https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-47129
Exploit Prediction Scoring System (EPSS)
Percentile 0.90861
EPSS Score 0.05963
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:28:36.812137+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/47xxx/CVE-2023-47129.json 38.6.0