// For flags

CVE-2017-16941

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering.

** EN DISPUTA ** October CMS hasta la versión 1.0.428 no evita el uso de .htaccess en los temas, lo que permite que usuarios autenticados remotos ejecuten código PHP arbitrario mediante la descarga de un archivo ZIP de temas de /backend/cms/themes y, a continuación, subiendo e importando un archivo modificado con dos nuevos archivos: un archivo .php y un archivo .htaccess. NOTA: el fabricante dice: "No creo que [un atacante capaz de iniciar sesión en el sistema bajo una cuenta que tiene acceso para gestionar/subir temas] sea un modelo de amenaza que necesitemos tener en consideración".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-24 CVE Reserved
  • 2017-11-25 CVE Published
  • 2024-01-21 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
URL Tag Source
https://github.com/octobercms/october/issues/3257 Issue Tracking
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Octobercms
Search vendor "Octobercms"
 October
Search vendor "Octobercms" for product "October"
 <= 1.0.428
Search vendor "Octobercms" for product "October" and version " <= 1.0.428"
-
Affected