Lucene search
PRIOn knowledge basePRION:CVE-2020-5297HistoryJun 03, 2020 - 10:15 p.m.
Design/Logic Flaw
2020-06-0322:15:00
PRIOn knowledge base
www.prio-n.com
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission. Issue has been patched in Build 466 (v1.0.466).
Related
cve
cve
CVE-2020-5297
2020-06-03 22:15:11
veracode
veracode
Unrestricted File Upload
2020-06-04 07:43:32
osv
osv
Upload whitelisted files to any directory in OctoberCMS
2020-06-03 21:58:27
CVE-2020-5297
2020-06-03 22:15:11
cvelist
cvelist
CVE-2020-5297 Upload whitelisted files to any directory in OctoberCMS
2020-06-03 21:55:18
nvd
nvd
CVE-2020-5297
2020-06-03 22:15:11
github
github
Upload whitelisted files to any directory in OctoberCMS
2020-06-03 21:58:27
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00