CVE-2022-24784
- EPSS 0.27%
- Published 25.03.2022 22:15:08
- Last modified 21.11.2024 06:51:05
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple su...
CVE-2021-45364
- EPSS 0.85%
- Published 10.02.2022 19:15:09
- Last modified 21.11.2024 06:32:08
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in a...
CVE-2018-19598
- EPSS 0.24%
- Published 19.12.2018 19:29:00
- Last modified 21.11.2024 03:58:15
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
CVE-2017-11422
- EPSS 0.2%
- Published 24.07.2017 12:29:00
- Last modified 20.04.2025 01:37:25
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.