Jason Varga

14 exploits Active since Jul 2023
CVE-2023-36828 WRITEUP MEDIUM WRITEUP
Statamic < 4.10.0 - Stored Cross-Site Scripting via Malicious SVG Upload
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue.
CVSS 5.5
CVE-2023-47129 WRITEUP HIGH WRITEUP
Statamic < 3.4.13 and 4.0.0-4.33.0 - Unrestricted Upload of File with Dangerous Type via Front-End Forms
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
CVSS 8.3
CVE-2023-47129 WRITEUP HIGH WRITEUP
Statamic < 3.4.13 and 4.0.0-4.33.0 - Unrestricted Upload of File with Dangerous Type via Front-End Forms
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
CVSS 8.3
CVE-2024-52600 WRITEUP MEDIUM WRITEUP
Statamic CMS < 5.17.0 - Path Traversal via Crafted Filename Upload
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0.
CVSS 5.3
CVE-2024-52600 WRITEUP MEDIUM WRITEUP
Statamic CMS < 5.17.0 - Path Traversal via Crafted Filename Upload
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0.
CVSS 5.3
CVE-2026-27593 WRITEUP CRITICAL WRITEUP
Statmatic <6.3.3/5.73.10 - Auth Bypass
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.
CVSS 9.3
CVE-2026-27196 WRITEUP HIGH WRITEUP
Statmatic <=5.73.8/6.0.0-6.3.1 - Stored XSS
Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This issue has been fixed in 6.3.2 and 5.73.9.
CVSS 8.1
CVE-2026-27593 WRITEUP CRITICAL WRITEUP
Statmatic <6.3.3/5.73.10 - Auth Bypass
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.
CVSS 9.3
CVE-2026-27939 WRITEUP HIGH WRITEUP
Statmatic 6.0.0-6.3.9 - Privilege Escalation
Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
CVSS 8.8
CVE-2026-27593 WRITEUP CRITICAL WRITEUP
Statmatic <6.3.3/5.73.10 - Auth Bypass
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.
CVSS 9.3
CVE-2026-27196 WRITEUP HIGH WRITEUP
Statmatic <=5.73.8/6.0.0-6.3.1 - Stored XSS
Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This issue has been fixed in 6.3.2 and 5.73.9.
CVSS 8.1
CVE-2023-48217 WRITEUP HIGH WRITEUP
Statamic < 3.4.14 and 4.0.0-4.34.0 - Unrestricted Upload of File with Dangerous Type
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.8
CVE-2024-52600 WRITEUP MEDIUM WRITEUP
Statamic CMS < 5.17.0 - Path Traversal via Crafted Filename Upload
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0.
CVSS 5.3
CVE-2026-25759 WRITEUP HIGH WRITEUP
Statamic CMS 6.0.0-6.2.2 - Authenticated Stored Cross-Site Scripting in Content Titles
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This vulnerability can be exploited to allow super admin accounts to be created. This has been fixed in 6.2.3.
CVSS 8.7