by jamesmoss
4503 days ago
I'd be wary of using Statamic, at least the admin panel portion. I did a code review of it recently and it's pretty insecure; if you can disable/delete admin.php, I'd recommend it. After a quick look I found a few basic CSRF and session hijacking exploits going back several versions (including the latest). The PHP code is pretty amateur - I imagine somebody with more skill could find many, many more holes.