High severity 8.8 · NVD Advisory · Published Jul 24, 2017 · Updated May 13, 2026
CVE-2017-11422
Description
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| statamic/cms (Packagist) | < 2.6.0 | 2.6.0 |
References
- gist.github.com/rambo691/3714c8c09cf894d574d37c294711c49e (NVD, Third Party Advisory)
- github.com/advisories/GHSA-5m64-9hq5-5pf2 (GHSA, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-11422 (GHSA, Advisory)