CMS
by Statamic
Source repositories
CVEs (72)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40661 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp. |
| CVE-2025-40658 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp. |
| CVE-2025-5432 | | | 0.00 | — | 0.00 | | Jun 2, 2025 | A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit… |
| CVE-2025-5430 | | | 0.00 | — | 0.00 | | Jun 2, 2025 | A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been… |
| CVE-2025-5381 | | | 0.00 | — | 0.01 | | May 31, 2025 | A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to… |
| CVE-2024-24570 | | | 0.00 | — | 0.01 | | Feb 1, 2024 | Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the… |
| CVE-2023-48701 | | | 0.00 | — | 0.01 | | Nov 21, 2023 | Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an… |
| CVE-2023-48217 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and… |
| CVE-2023-47129 | | | 0.00 | — | 0.01 | | Nov 10, 2023 | Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_… |
| CVE-2023-36828 | | | 0.00 | — | 0.01 | | Jul 5, 2023 | Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the… |
| CVE-2022-24784 | | | 0.00 | — | 0.01 | | Mar 25, 2022 | Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually… |
| CVE-2018-19598 | | | 0.00 | — | 0.01 | | Dec 19, 2018 | Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. |
Page 4 of 4