GitHub Advisory Database: GHSA-79JW-2F46-WV22
Published: 2022-02-23 21:08:44

Authenticated remote code execution in October CMS

CWE-74
Source: GitHub Advisory Database (github.com)

CVSS2: 8.5 High (AV:N/AC:M/Au:S/C:C/I:C/A:C)
  Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: SINGLE;
  Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE

CVSS3: 7.2 High (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: HIGH; User Interaction: NONE; Scope: UNCHANGED;
  Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

EPSS: 0.005 Low (percentile 77.0%)

Impact

An authenticated backend user with permission to create, modify and delete website pages can exploit this vulnerability to bypass cms.safe_mode / cms.enableSafeMode and execute arbitrary code on the server.

  • This issue only affects admin panels that rely on safe mode and restricted permissions to keep page editors from running PHP.
  • To exploit this vulnerability, an attacker must first have access to the backend area.

Patches

The issue has been patched in Build 474 (v1.0.474) and v1.1.10.

Workarounds

If you cannot upgrade to Build 474 or v1.1.10, apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.

References

Credits to:

  • David Miller

For more information

If you have any questions or comments about this advisory:

Affected configurations (any of the following)

  • octobersystem < 1.0.474
  • octobersystem < 1.1.10
  • octobersystem < 2.1.27
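The following is an added example, not code from the advisory or from October CMS: a small version check that encodes the affected ranges above (and the fixed releases from the Patches section) and gives a verdict that also reflects the Impact section's point that only deployments relying on safe mode are exposed. The version strings at the bottom are constructed sample input; how you obtain the installed version (for example from the admin panel's system information) is left to you.

```python
"""Check an October CMS version against the ranges in GHSA-79jw-2f46-wv22.

Added example, not part of the advisory or of October CMS. The branch/fix
pairs below are copied from the advisory's 'Affected configurations' and
'Patches' sections; the sample versions at the bottom are constructed.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Branch -> first fixed release on that branch, per the advisory.
# October 2.x is listed as a single range (< 2.1.27), so it is keyed on
# the major version only.
FIRST_FIXED = {
    (1, 0): (1, 0, 474),   # "Build 474"
    (1, 1): (1, 1, 10),
    (2,):   (2, 1, 27),
}


def parse_version(text: str) -> Version:
    """Parse 'v1.1.10', '1.0.474' or the 1.0-era 'Build 474' notation."""
    text = text.strip()
    m = re.fullmatch(r"[Bb]uild\s*(\d+)", text)
    if m:  # 1.0 releases were identified by build number
        return (1, 0, int(m.group(1)))
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised October CMS version: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def first_fixed_for(version: Version) -> Optional[Version]:
    """Fixed release for the branch `version` sits on, or None when the
    advisory lists no range for that branch (e.g. 3.x)."""
    major, minor, _ = version
    return FIRST_FIXED.get((major, minor)) or FIRST_FIXED.get((major,))


def is_affected(text: str) -> bool:
    """True when the version is strictly below its branch's first fix."""
    version = parse_version(text)
    fixed = first_fixed_for(version)
    return fixed is not None and version < fixed


def assess(text: str, safe_mode_enabled: bool) -> str:
    """Verdict combining the version check with the deployment model the
    advisory describes: the bypass matters where safe mode is what stops
    page editors from running PHP."""
    if not is_affected(text):
        return f"{text}: not in an affected range"
    fixed = ".".join(map(str, first_fixed_for(parse_version(text))))
    if safe_mode_enabled:
        return (f"{text}: affected; safe mode can be bypassed by any backend "
                f"user who can edit pages. Upgrade to {fixed} or apply the "
                f"linked commit")
    return (f"{text}: affected, but safe mode is not enabled here so the "
            f"advisory's bypass adds nothing; upgrade to {fixed} regardless")


if __name__ == "__main__":
    # Constructed sample input, not real installations.
    samples = [("Build 473", True), ("v1.0.474", True), ("1.1.9", False),
               ("2.0.0", True), ("2.1.27", True), ("3.0.1", True)]
    for version, safe_mode in samples:
        print(assess(version, safe_mode))
```

Versions on branches the advisory does not list (such as 3.x) are reported as not affected by this advisory only; that says nothing about other advisories for those releases.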
