VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-z2qu-kkwp-dfew

Essentials
Severities (18)
References (8)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-z2qu-kkwp-dfew
Aliases	CVE-2024-52600 GHSA-p7f6-8mcm-fwv3
Summary	Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2024-52600
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2024-52600
cvssv3.1	5.3	https://github.com/statamic/cms
generic_textual	MODERATE	https://github.com/statamic/cms
cvssv3.1	5.3	https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d
generic_textual	MODERATE	https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d
ssvc	Track	https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d
cvssv3.1	5.3	https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da
generic_textual	MODERATE	https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da
ssvc	Track	https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da
cvssv3.1	5.3	https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d
generic_textual	MODERATE	https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d
ssvc	Track	https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d
cvssv3.1	5.3	https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3
generic_textual	MODERATE	https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3
ssvc	Track	https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2024-52600
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-52600

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-52600
		https://github.com/statamic/cms
		https://nvd.nist.gov/vuln/detail/CVE-2024-52600
0c07c10009a2439c8ee56c8faefd1319dc6e388d		https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d
400875b20f40e1343699d536a432a6fc284346da		https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da
4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d		https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d
GHSA-p7f6-8mcm-fwv3		https://github.com/advisories/GHSA-p7f6-8mcm-fwv3
GHSA-p7f6-8mcm-fwv3		https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/statamic/cms

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/ Found at https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/ Found at https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/ Found at https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/ Found at https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-52600

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.60225
EPSS Score	0.00386
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:35:00.949775+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/52xxx/CVE-2024-52600.json	38.6.0