Lucene search
K

9 matches found

OSV
OSV
added 2021/05/04 5:42 p.m.21 views

GHSA-FCR8-6Q7R-M4WG Bypass of fix for CVE-2020-26231, Twig sandbox escape

Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...

5.2CVSS6AI score0.00262EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/05/04 5:42 p.m.74 views

Bypass of fix for CVE-2020-26231, Twig sandbox escape

Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...

5.2CVSS1AI score0.00262EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/05/03 4:15 p.m.21 views

Design/Logic Flaw

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.managepages,...

4.4CVSS5.7AI score0.0029EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/03 4:0 p.m.91 views

CVE-2021-21264

CVE-2021-21264 affects October CMS (Laravel-based) and describes a Twig sandbox bypass where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions can write PHP code despite cms.enableSafeMode being enabled. The vulnerability mirrors the impac...

5.2CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/03 12:0 a.m.9 views

PT-2021-14372 · Octobercms +2 · October Cms +1

Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.manage pages, cms.manage layouts, or cms.manage partials permissions who would normally not be permitted to provi...

6.7CVSS6AI score0.0029EPSS
Exploits0References6
Circl
Circl
added 2020/11/24 12:46 a.m.6 views

CVE-2020-26231

creationtimestamp| type| source ---|---|--- 2020-11-24 00:46:18+00:00| seen| https://t.me/cibsecurity/16758...

6.7CVSS5.8AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2020/11/23 9:15 p.m.32 views

CVE-2020-26231

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...

6.7CVSS5.9AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/23 8:55 p.m.42 views

CVE-2020-26231 Bypass of fix for CVE-2020-15247, Twig sandbox escape

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...

5.2CVSS5.9AI score0.00289EPSS
Exploits0References2
CVE
CVE
added 2020/11/23 8:55 p.m.81 views

CVE-2020-26231

October CMS (Laravel-based) has a vulnerability where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials can bypass cms.enableSafeMode and write Twig code to escape the sandbox, executing arbitrary PHP. The issue mirrors CVE-2020-26231 and has been fix...

6.7CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder