October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October CMS suffers from a file upload vulnerability that stems from the “create, modify, and delete site pages” privilege of the management system, which could be exploited by an attacker to upload specific code to execute PHP code. The vulnerability is caused by the “create, modify and delete website pages” privilege in the CMS, which can be exploited to upload specific code to execute PHP code.
CPE | Name | Operator | Version |
---|---|---|---|
October CMS October CMS | lt | 1.0.473 | |
October CMS October CMS >=1.1.0, | lt | 1.1.6 |