
Joshuaalwin

#31547 of 53,632
8.1 Total CVSS
Vulnerabilities · 1
PT-2026-34571
8.1
2026-04-16
Statamic · Statamic · CVE-2026-41175
**Name of the Vulnerable Software and Affected Versions**

Statamic versions prior to 5.73.20

Statamic versions prior to 6.13.0

**Description**

Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, can lead to the loss of content, assets, and user accounts. Exploitation via the Control Panel requires authentication with minimal permissions, such as the "view entries" permission to delete entries or the "view users" permission to delete users. Exploits targeting the REST and GraphQL APIs do not require permissions, but these APIs are not enabled by default; to be exploitable, they must be explicitly enabled without authentication and with specific resources accessible.

**Recommendations**

Update to version 5.73.20

Update to version 6.13.0