CVE-2017-11422

Publication date

2017-07-24 12:00:00

Family

mitre

State

PUBLISHED

Description

Statamic framework before 2.6.0 does not correctly check a sessions permissions when the methods from a users class are called. Problematic methods include reset password, create new account, create new role, etc.