Hey, I'm Chris! A cybersecurity researcher and content creator from the United States.
View my vulnerability discoveries and responsible disclosure timeline
A content editor can inject Antlers into Statamic SEO Pro meta fields and dump the entire Laravel config, APP_KEY included, to any unauthenticated visitor.
An unauthenticated _reset_url parameter in Statamic CMS redirects a password reset token to an attacker, leading to account takeover. Plus a bypass of the first patch.
A low-privileged Contributor can permanently take over a Ghost CMS site Owner account through unsanitized embed card HTML in the admin panel. Ghost declined to patch it.