
CVE-2022-21705

Authenticated remote code execution in octobercms

Severity Score: 7.2 (CVSS v3.1)

Exploit Likelihood (EPSS): -

Affected Versions (CPE): see the affected products table below

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions, user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to their installation manually.


*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-11-16 CVE Reserved
  • 2022-02-23 CVE Published
  • 2023-10-01 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor      Product  Version            Other  Status
Octobercms  October  < 1.0.474          -      Affected
Octobercms  October  >= 1.1.0 < 1.1.10  -      Affected
Octobercms  October  >= 2.0.0 < 2.1.27  -      Affected