Description

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter pollution, or denial of service.

INFO

Published Date :

2025-10-10T00:00:00.000Z

Last Modified :

2025-10-10T14:26:35.204Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60868 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60868.

URL Resource
https://gist.github.com/kasiasok/870933de18d1400fa8be88e1bcadec6c cve-icon cve-icon
https://statamic.com/addons/alt-design/alt-redirects/release-notes cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System