Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
statamic statamic vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-47129
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not jus...
Statamic Statamic
1 Github repository
9.8
CVSSv3
CVE-2021-45364
A Code Execution vulnerability exists in Statamic Version up to and including 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic produc...
Statamic Statamic
8.8
CVSSv3
CVE-2023-48217
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" fea...
Statamic Statamic
8.8
CVSSv3
CVE-2017-11422
Statamic framework prior to 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.
Statamic Statamic
6.1
CVSSv3
CVE-2024-24570
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control...
Statamic Statamic
6.1
CVSSv3
CVE-2023-48701
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature cont...
Statamic Statamic
5.4
CVSSv3
CVE-2023-36828
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitiz...
Statamic Statamic
4.8
CVSSv3
CVE-2018-19598
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
Statamic Statamic 2.10.3
3.7
CVSSv3
CVE-2022-24784
Statamic is a Laravel and Git powered CMS. prior to 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncov...
Statamic Statamic
NA
CVE-2024-36119
Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the followin...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started