CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35944 – October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)
https://notcve.org/view.php?id=CVE-2022-35944
13 Oct 2022 — October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched... • https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24800 – Race Condition in October CMS upload process
https://notcve.org/view.php?id=CVE-2022-24800
12 Jul 2022 — October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does... • https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23655 – Missing server signature validation in OctoberCMS
https://notcve.org/view.php?id=CVE-2022-23655
23 Feb 2022 — Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation. • https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21705 – Authenticated remote code execution in octobercms
https://notcve.org/view.php?id=CVE-2022-21705
23 Feb 2022 — Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to... • https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32649 – Authenticated file write leads to remote code execution in october/system
https://notcve.org/view.php?id=CVE-2021-32649
14 Jan 2022 — October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. October CMS es una plataforma de siste... • https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21264 – Bypass of fix for CVE-2020-26231, Twig sandbox escape
https://notcve.org/view.php?id=CVE-2021-21264
03 May 2021 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code t... • https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21265 – Potential Host Header Poisoning on misconfigured servers
https://notcve.org/view.php?id=CVE-2021-21265
10 Mar 2021 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting... • https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-3311
https://notcve.org/view.php?id=CVE-2021-3311
05 Feb 2021 — An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. Se detectó un problema en October hasta el build 471. Reactiva una ID de una sesión anterior (que había sido no válida después de cerrar la sesión) una vez que se produce un nuevo inicio de sesión. • https://anisiosantos.me/october-cms-token-reactivation • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15249 – Stored XSS by authenticated backend user with access to upload files
https://notcve.org/view.php?id=CVE-2020-15249
23 Nov 2020 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload Javascript that would be executed on a path under the website's domain (i.e. /storage/app/media/evil.svg), but they ... • https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15248 – Privilege escalation by backend users assigned to the default "Publisher" system role
https://notcve.org/view.php?id=CVE-2020-15248
23 Nov 2020 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Issue has been patched in Build 470 (v1.0.470) & v1.1.1. October es una plataforma CMS gratuita, de c... • https://github.com/octobercms/october/commit/78a37298a4ed4602b383522344a31e311402d829 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •