CVE-2023-44381 – October CMS safe mode bypass using Page template injection
https://notcve.org/view.php?id=CVE-2023-44381
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitiría proporcionar código PHP para que lo ejecute el CMS debido a que `cms.safe_mode` está habilitado puede manipular una solicitud especial para incluir código PHP en la plantilla CMS. • https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-44382 – October CMS safe mode bypass using Twig sandbox escape
https://notcve.org/view.php?id=CVE-2023-44382
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitiría proporcionar código PHP para que lo ejecute el CMS debido a que `cms.safe_mode` está habilitado puede escribir código Twig específico para escapar de la sandbox de Twig y ejecutar PHP arbitrario. • https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-44383 – October CMS stored XSS by authenticated backend user with improper configuration
https://notcve.org/view.php?id=CVE-2023-44383
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2. October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario con acceso al administrador de medios que almacena archivos SVG podría crear un ataque XSS almacenado contra sí mismo y contra cualquier otro usuario con acceso al administrador de medios cuando se admiten archivos SVG. • https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-35944 – October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)
https://notcve.org/view.php?id=CVE-2022-35944
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66. October es una plataforma de Sistema de Administración de Contenidos (CMS) auto alojada basada en el Framework PHP Laravel. • https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v • CWE-94: Improper Control of Generation of Code ('Code Injection') •