CVE-2020-5296 – Arbitrary File Deletion vulnerability in OctoberCMS
https://notcve.org/view.php?id=CVE-2020-5296
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, un atacante puede explotar esta vulnerabilidad para eliminar archivos locales arbitrarios de un servidor de October CMS. La vulnerabilidad solo es explotable por un usuario de backend autenticado con el permiso "cms.manage_assets". • http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html http://seclists.org/fulldisclosure/2020/Aug/2 https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2020-5297 – Upload whitelisted files to any directory in OctoberCMS
https://notcve.org/view.php?id=CVE-2020-5297
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, un atacante puede explotar esta vulnerabilidad para cargar archivos jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml hacia cualquier directorio de un servidor de October CMS. La vulnerabilidad solo es explotable por un usuario de backend autenticado con el permiso "cms.manage_assets". • http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html http://seclists.org/fulldisclosure/2020/Aug/2 https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8 https://github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2020-5298 – Reflected XSS when importing CSV in OctoberCMS
https://notcve.org/view.php?id=CVE-2020-5298
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, un usuario con la habilidad de usar la funcionalidad import del comportamiento de la función "ImportExportController" puede ser ingeniería social por parte de un atacante para descargar un archivo CSV malicioso que podría resultar en un ataque de tipo XSS reflejado en el usuario en cuestión. El problema ha sido parcheado en el Build 466 (versión v1.0.466) October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities. • http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html http://seclists.org/fulldisclosure/2020/Aug/2 https://github.com/octobercms/october/commit/cd0b6a791f995d86071a024464c1702efc50f46c https://github.com/octobercms/october/security/advisories/GHSA-gg6x-xx78-448c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •
CVE-2020-5295 – Local File read vulnerability in OctoberCMS
https://notcve.org/view.php?id=CVE-2020-5295
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, un atacante puede explotar esta vulnerabilidad para leer archivos locales de un servidor de October CMS. La vulnerabilidad solo es explotable por un usuario de backend autenticado con el permiso "cms.manage_assets". • https://www.exploit-db.com/exploits/49045 http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html http://seclists.org/fulldisclosure/2020/Aug/2 https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc https://github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2018-1999008
https://notcve.org/view.php?id=CVE-2018-1999008
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437. October CMS en versiones anteriores a la build 437 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el módulo Media y en la funcionalidad de creación de carpetas que puede resultar en que un usuario autenticado con permisos del módulo media cree nombres de carpeta arbitrarios con contenido XSS. El ataque parece ser explotable mediante un usuario autenticado con permisos del módulo media que pueda crear nombres de carpeta arbitrarios (XSS). • https://octobercms.com/support/article/rn-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •