9 matches found
GHSA-FCR8-6Q7R-M4WG Bypass of fix for CVE-2020-26231, Twig sandbox escape
Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...
Design/Logic Flaw
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.managepages,...
CVE-2021-21264
CVE-2021-21264 affects October CMS (Laravel-based) and describes a Twig sandbox bypass where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions can write PHP code despite cms.enableSafeMode being enabled. The vulnerability mirrors the impac...
PT-2021-14372 · Octobercms +2 · October Cms +1
Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.manage pages, cms.manage layouts, or cms.manage partials permissions who would normally not be permitted to provi...
CVE-2020-26231
creationtimestamp| type| source ---|---|--- 2020-11-24 00:46:18+00:00| seen| https://t.me/cibsecurity/16758...
CVE-2020-26231
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...
CVE-2020-26231 Bypass of fix for CVE-2020-15247, Twig sandbox escape
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...
CVE-2020-26231
October CMS (Laravel-based) has a vulnerability where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials can bypass cms.enableSafeMode and write Twig code to escape the sandbox, executing arbitrary PHP. The issue mirrors CVE-2020-26231 and has been fix...