CVE-2023-47129 – Statamic CMS remote code execution via front-end form uploads
https://notcve.org/view.php?id=CVE-2023-47129
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0. • https://github.com/Cyber-Wo0dy/CVE-2023-47129 https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75 https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77 https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-36828 – Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG
https://notcve.org/view.php?id=CVE-2023-36828
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue. • https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15 https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40 https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d https://github.com/statamic/cms/pull/8408 https://github.com/statamic/cms/releases/tag/v4.10.0 https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24784 – Discoverability of user password hash in Statamic CMS
https://notcve.org/view.php?id=CVE-2022-24784
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response; however, the presence or absence of a result confirms whether the character is in the right position. The API has throttling enabled by default, making this a time-intensive task. • https://github.com/statamic/cms/issues/5604 https://github.com/statamic/cms/pull/5568 https://github.com/statamic/cms/security/advisories/GHSA-qcgx-7p5f-hxvr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy
CVE-2021-45364
https://notcve.org/view.php?id=CVE-2021-45364
** DISPUTED ** A Code Execution vulnerability exists in Statamic versions through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product. • https://github.com/Stakcery/Web-Security/issues/2
CVE-2018-19598
https://notcve.org/view.php?id=CVE-2018-19598
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. • https://github.com/security-breachlock/CVE-2018-19598/blob/master/Static%20cms.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')