8 matches found
CVE-2026-28425
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Impact An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the Antlers-enabled control panel inputs. An attacker can execute arbitrary code in the application context by submitting specially crafted content to fields. This can result in full compromise of the...
GHSA-CPV7-Q2WX-M8RW Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Impact An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and...
CVE-2026-28425
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
CVE-2026-28425 Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
CVE-2026-28425
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
PT-2026-22424
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.11 Statamic versions prior to 6.4.0 Description Statamic is a Laravel and Git powered content management system CMS. An authenticated control panel user with access to Antlers-enabled inputs may be able to achie...