99 matches found

CVE · added 2023/11/21 10:34 p.m. · 80 views

CVE-2023-48701

Statamic CMS (Laravel/Git) suffers a Cross-site Scripting (XSS) via uploaded assets vulnerability (CVE-2023-48701). Before versions 3.4.15 and 4.36.0, HTML files crafted to look like images could be uploaded regardless of MIME validation via front-end Forms assets fields or the authenticated cont...

CVSS 7.5 · AI score 6.7 · EPSS 0.007
Exploits: 0 · References: 3 · Affected software: 1
OSV · added 2023/11/21 10:34 p.m. · 20 views

CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of MIME validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 7.5 · AI score 6.4 · EPSS 0.007
Exploits: 0 · References: 5
Positive Technologies · added 2023/11/21 12:00 a.m. · 15 views

PT-2023-30910 · Unknown · Statamic CMS

Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0. Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing MIME validation. This is applicable on front-end forms using the "Forms" feature with an assets...

CVSS 7.5 · AI score 6.4 · EPSS 0.007
Exploits: 0 · References: 10
Veracode · added 2023/11/15 7:10 a.m. · 23 views

Remote Code Execution (RCE)

statamic/cms is vulnerable to Remote Code Execution (RCE). This vulnerability impacts both front-end forms employing the Forms feature and asset upload fields in the control panel. Malicious actors can exploit this loophole to introduce and execute arbitrary code via uploading image files...

CVSS 8.8 · AI score 8.6 · EPSS 0.01104
Exploits: 0 · References: 8 · Affected software: 1
Github Security Blog · added 2023/11/14 10:25 p.m. · 47 views

Statamic CMS vulnerable to remote code execution via form uploads

Impact: Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Patches: It has been patched in 3.4.14 and...

CVSS 8.8 · AI score 6.9 · EPSS 0.01104
Exploits: 0 · References: 9 · Affected software: 1
OSV · added 2023/11/14 10:25 p.m. · 17 views

GHSA-2R53-9295-3M86 Statamic CMS vulnerable to remote code execution via form uploads

Impact: Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Patches: It has been patched in 3.4.14 and...

CVSS 8.8 · AI score 8.7 · EPSS 0.01104
Exploits: 0 · References: 9
NVD · added 2023/11/14 10:15 p.m. · 32 views

CVE-2023-48217

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

CVSS 8.8 · EPSS 0.01104
Exploits: 0 · References: 2
Prion · added 2023/11/14 10:15 p.m. · 17 views

Input validation

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

CVSS 6.5 · AI score 7.2 · EPSS 0.01104
Exploits: 0 · References: 2 · Affected software: 1
Vulnrichment · added 2023/11/14 9:38 p.m. · 12 views

CVE-2023-48217 Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

CVSS 8.8 · AI score 6.9 · EPSS 0.01104
Exploits: 0 · References: 2
Cvelist · added 2023/11/14 9:38 p.m. · 32 views

CVE-2023-48217 Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

CVSS 8.8 · AI score 9 · EPSS 0.01104
Exploits: 0 · References: 2
OSV · added 2023/11/12 3:57 p.m. · 29 views

GHSA-72HG-5WR5-RMFC Statamic CMS remote code execution via front-end form uploads

Impact: On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of MIME validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches: It has been patched i...

CVSS 8.3 · AI score 9.2 · EPSS 0.01121
Exploits: 0 · References: 5
Github Security Blog · added 2023/11/12 3:57 p.m. · 34 views

Statamic CMS remote code execution via front-end form uploads

Impact: On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of MIME validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches: It has been patched i...

CVSS 9.8 · AI score 7.2 · EPSS 0.01121
Exploits: 0 · References: 5 · Affected software: 1
Vulnrichment · added 2023/11/10 6:48 p.m. · 15 views

CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

CVSS 8.3 · AI score 7.2 · EPSS 0.01121
Exploits: 0 · References: 3
Cvelist · added 2023/11/10 6:48 p.m. · 43 views

CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

CVSS 8.3 · AI score 9.7 · EPSS 0.01121
Exploits: 0 · References: 3
Veracode · added 2023/07/06 7:07 a.m. · 21 views

Cross-Site Scripting (XSS)

statamic/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the index function at Svg.php because the SVG tag does not sanitize malicious SVG, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.5 · AI score 6.5 · EPSS 0.0055
Exploits: 1 · References: 6 · Affected software: 1
Veracode · added 2022/03/28 7:20 a.m. · 26 views

Information Disclosure

statamic/cms is vulnerable to information disclosure. The vulnerability exists because it allows filtering a user by password hash, which allows an attacker to gain access to sensitive information using a specially crafted regular expression filter in the users endpoint of the REST API...

CVSS 3.7 · AI score 4.6 · EPSS 0.00994
Exploits: 0 · References: 6 · Affected software: 1
NVD · added 2022/03/25 10:15 p.m. · 12 views

CVE-2022-24784

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

CVSS 4.3 · EPSS 0.00994
Exploits: 0 · References: 3
Cvelist · added 2022/03/25 9:40 p.m. · 19 views

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

CVSS 3.7 · AI score 4.6 · EPSS 0.00994
Exploits: 0 · References: 3
Vulnrichment · added 2022/03/25 9:40 p.m. · 10 views

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

CVSS 3.7 · AI score 4.2 · EPSS 0.00994
Exploits: 0 · References: 3