CVE-2018-1999009
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437.
October CMS en versiones anteriores a la Build 437 contiene una vulnerabilidad de inclusión de archivos locales en modules/system/traits/ViewMaker.php#244 (función makeFileContents) que puede resultar en la divulgación de información sensible y en la ejecución de código remoto. El ataque parece ser explotable de forma remota si la ruta /backend es accesible. La vulnerabilidad parece haber sido solucionada en la build 437.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-23 CVE Reserved
- 2018-07-23 CVE Published
- 2024-09-17 CVE Updated
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://octobercms.com/support/article/rn-10 | 2020-08-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Octobercms Search vendor "Octobercms" | October Search vendor "Octobercms" for product "October" | - | - |
Affected
| ||||||