Lucene search
+L

425 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:53 a.m.12 views

CVE-2024-24764

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...

4.8CVSS6.7AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:28 a.m.8 views

CVE-2023-44381

October is a Content Management System CMS and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

4.9CVSS6.8AI score0.00511EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.10 views

CVE-2023-37692

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...

5.4CVSS7.7AI score0.00493EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:58 p.m.10 views

CVE-2022-35944

October is a self-hosted Content Management System CMS platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

7.2CVSS6.9AI score0.00864EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.10 views

CVE-2021-21265

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers i.e. the server routes any request, regardless of the HOST header to an October CMS instance the potential exists for Host Header...

7.5CVSS6.8AI score0.01748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.10 views

CVE-2021-21264

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.managepages,...

6.7CVSS7.4AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.13 views

CVE-2021-32649

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

8.8CVSS7.1AI score0.01336EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.11 views

CVE-2021-32650

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...

8.8CVSS7.3AI score0.02087EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.17 views

CVE-2021-29487

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

7.4CVSS7.1AI score0.00895EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.7 views

CVE-2020-5295

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...

4.9CVSS6.3AI score0.07371EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:25 p.m.8 views

CVE-2020-11094

The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...

9.8CVSS9AI score0.01047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:36 p.m.15 views

CVE-2018-1999009

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php244 makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend pat...

8.1CVSS7.5AI score0.02391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.12 views

CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...

5.4CVSS5.5AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 a.m.14 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

6.1CVSS7AI score0.01003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.11 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

9.8CVSS7.4AI score0.01944EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.10 views

CVE-2017-1000194

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server...

9.8CVSS6.8AI score0.01237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.7 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

7.5CVSS7.2AI score0.01525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.10 views

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...

9.8CVSS6.8AI score0.01212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/07 5:28 p.m.18 views

CVE-2024-51991

October is a Content Management System CMS and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...

4.9CVSS6.5AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2025/05/05 5:4 p.m.4 views

CVE-2024-51991 October CMS Allows Unprotected SVG Rename in Media Manager

October is a Content Management System CMS and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...

4.8CVSS6.6AI score0.00306EPSS
Exploits0References3
Rows per page
Query Builder