Lucene search
PRIOn knowledge basePRION:CVE-2023-44382HistoryDec 01, 2023 - 10:15 p.m.
Code injection
2023-12-0122:15:00
PRIOn knowledge base
www.prio-n.com
4
october cms
backend
code injection
twig sandbox escape
php
patched
nvd
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.
Related
osv
osv
October CMS safe mode bypass using Twig sandbox escape
2023-11-29 21:33:21
github
github
October CMS safe mode bypass using Twig sandbox escape
2023-11-29 21:33:21
cve
cve
CVE-2023-44382
2023-12-01 22:15:09
veracode
veracode
Server Side Template Injection
2023-11-30 06:32:02
nvd
nvd
CVE-2023-44382
2023-12-01 22:15:09
cvelist
cvelist
CVE-2023-44382 October CMS safe mode bypass using Twig sandbox escape
2023-12-01 21:48:41