Lucene search
China National Vulnerability DatabaseCNVD-2022-08037HistoryJan 17, 2022 - 12:00 a.m.
October CMS file upload vulnerability
2022-01-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.001 Low
EPSS
Percentile
42.0%
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October CMS suffers from a file upload vulnerability that stems from the “create, modify, and delete site pages” privilege of the management system, which could be exploited by an attacker to upload specific code to execute PHP code. The vulnerability is caused by the “create, modify and delete website pages” privilege in the CMS, which can be exploited to upload specific code to execute PHP code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| October CMS October CMS | lt | 1.0.473 | |
| October CMS October CMS >=1.1.0, | lt | 1.1.6 |
Related
cvelist
cvelist
veracode
veracode
Remote Code Execution (RCE)
2022-01-17 07:46:51
cve
cve
CVE-2021-32649
2022-01-14 15:15:07
osv
osv
October/System authenticated file write leads to remote code execution
2022-01-14 21:08:23
CVE-2021-32649
2022-01-14 15:15:07
prion
prion
Code injection
2022-01-14 15:15:00
nvd
nvd
CVE-2021-32649
2022-01-14 15:15:07
github
github
October/System authenticated file write leads to remote code execution
2022-01-14 21:08:23