Lucene search

Local File read vulnerability in OctoberCMS

🗓️ 03 Jun 2020 21:16:58Reported by GitHub Advisory DatabaseType

Local File read vulnerability in OctoberCMS. Exploitable by authenticated backend user with `cms.manage_assets` permission. Patches in Build 466 (v1.0.466

Reporter	Title	Published	Views	Family All 10
OSV	Local File read vulnerability in OctoberCMS	3 Jun 202021:58	–	osv
OSV	CVE-2020-5295	3 Jun 202022:15	–	osv
Cvelist	CVE-2020-5295 Local File read vulnerability in OctoberCMS	3 Jun 202021:50	–	cvelist
Veracode	Unauthorized Local File Read	4 Jun 202008:29	–	veracode
Prion	Code injection	3 Jun 202022:15	–	prion
NVD	CVE-2020-5295	3 Jun 202022:15	–	nvd
CVE	CVE-2020-5295	3 Jun 202022:15	–	cve
Exploit DB	October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)	13 Nov 202000:00	–	exploitdb
Packet Storm	October CMS Build 465 XSS / File Read / File Deletion / CSV Injection	3 Aug 202000:00	–	packetstorm
0day.today	October CMS Build 465 XSS / File Read / File Deletion / CSV Injection Vulnerabilities	3 Aug 202000:00	–	zdt

Vulners

Node

october cmsRange1.0.319–1.0.466

Source	Link
github	www.github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f
github	www.github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-5295
packetstormsecurity	www.packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists	www.seclists.org/fulldisclosure/2020/Aug/2
github	www.github.com/advisories/GHSA-r23f-c2j5-rx2f

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Jun 2020 21:58Current

0.2Low risk

Vulners AI Score0.2

CVSS24

CVSS34.8 - 4.9

EPSS0.08712