343 matches found
CVE-2022-24784 Discoverability of user password hash in Statamic CMS
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...
CVE-2022-24784
CVE-2022-24784 affects the Statamic CMS (Laravel/Git powered). Before versions 3.2.39 and 3.3.2, an attacker could confirm a single character of a user’s password hash by sending crafted requests to the REST API’s users endpoint using a regular expression filter. Repeated requests could gradually...
Statamic Cryptographic Issue Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in a file instead of a database. Statamic suffers from a security vulnerability that stems from the fact that prior to versions 3.2.39 and 3.3.2, it was possible to...
PT-2022-16877 · Statamic · Statamic
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.2.39; Statamic versions prior to 3.3.2. Description: The issue allows an attacker to confirm a single character of a user's password hash using a specially crafted regular expression filter in the "users" endpoint o...
CVE-2021-45364
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...
Remote code execution
DISPUTED A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...
CVE-2021-45364
CVE-2021-45364 affects Statamic up to version 3.2.26 via SettingsController.php, described as a Code Execution vulnerability. The vendor states there was an error publishing this CVE record and that the affected code was not used in any Statamic product, which is echoed by multiple sources (inclu...
Statamic Code Injection Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. Statamic suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elemen...
PT-2022-12333 · Statamic · Statamic
Name of the Vulnerable Software and Affected Versions: Statamic versions through 3.2.26. Description: A Code Execution issue exists via SettingsController.php. However, the vendor indicates that there was an error in publishing this record, and all parties agree that the affected code was not used...
Cross site request forgery (csrf)
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request...
CVE-2018-19598
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request...
CVE-2018-19598
CVE-2018-19598 affects Statamic 2.10.3. A stored/reflected-like XSS exists via the First Name or Last Name fields in an 'Add new user' request to the /users URI. Public exploitation details are not given in the source documents. No remediation details are included here.
Statamic framework Access Control Error Vulnerability
Statamic framework is a rapid development framework. The framework supports rapid creation of website pages, creation and management of website forms, and other features. An access control error vulnerability exists in Statamic framework before 2.6.0, which is caused by the program failing to properly...
CVE-2017-11422
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...
Default credentials
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...