A content editor can inject Antlers into Statamic SEO Pro meta fields and dump the entire Laravel config, APP_KEY included, to any unauthenticated visitor.
An unauthenticated _reset_url parameter in Statamic CMS redirects a password reset token to an attacker, leading to account takeover. Plus a bypass of the first patch.
A low-privileged Contributor can permanently take over a Ghost CMS site Owner account through unsanitized embed card HTML in the admin panel. Ghost declined to patch it.
The target was a Flask-based web application vulnerable to multiple critical security flaws...
As a member of the Hack Smarter Red Team, you have been assigned a web application penetration test on a client's employee portal.