Lucene search
GoogleOSV:CVE-2020-5296HistoryJun 03, 2020 - 10:15 p.m.
CVE-2020-5296
2020-06-0322:15:11
Google
osv.dev
4
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission. Issue has been patched in Build 466 (v1.0.466).
Related
cvelist
cvelist
CVE-2020-5296 Arbitrary File Deletion vulnerability in OctoberCMS
2020-06-03 21:55:23
nvd
nvd
CVE-2020-5296
2020-06-03 22:15:11
cve
cve
CVE-2020-5296
2020-06-03 22:15:11
prion
prion
Code injection
2020-06-03 22:15:00
github
github
Arbitrary File Deletion vulnerability in OctoberCMS
2020-06-03 21:58:21
veracode
veracode
Arbitrary File Deletion
2020-06-04 03:25:07
osv
osv
Arbitrary File Deletion vulnerability in OctoberCMS
2020-06-03 21:58:21
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00