
146 matches found

CVE
added 2022/02/23 11:30 p.m. · 136 views

CVE-2022-23655

CVE-2022-23655 affects Octobercms (Laravel-based): affected versions did not validate gateway server signatures, which allows non-authoritative gateway servers to exfiltrate user private keys. The fix is available by upgrading to build 474 or v1.1.10, or by applying the patch commit e3b455ad587...

CVSS 5.3 · AI score 5.2 · EPSS 0.00142
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/02/23 11:30 p.m. · 23 views

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result, non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

CVSS 4.8 · AI score 5.4 · EPSS 0.00142
Exploits: 0 · References: 4
Cvelist
added 2022/02/23 11:30 p.m. · 14 views

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result, non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

CVSS 4.8 · AI score 5.6 · EPSS 0.00142
Exploits: 0 · References: 2
Vulnrichment
added 2022/02/23 11:30 p.m. · 7 views

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result, non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

CVSS 4.8 · AI score 5.3 · EPSS 0.00142
Exploits: 0 · References: 2
NVD
added 2022/02/23 7:15 p.m. · 12 views

CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 8.5 · EPSS 0.70336
Exploits: 0 · References: 2
Prion
added 2022/02/23 7:15 p.m. · 19 views

Design/Logic Flaw

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 8.5 · AI score 7.2 · EPSS 0.70336
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2022/02/23 7:00 p.m. · 155 views

CVE-2022-21705

October CMS (Laravel-based) is vulnerable to authenticated remote code execution due to improper sanitization of user input in admin pages, allowing bypass of cms.safe_mode/cms.enableSafeMode and arbitrary code execution. Affected builds were fixed in Build 474 (1.0.474) and 1.1.10; manual rem...

CVSS 8.5 · AI score 7.2 · EPSS 0.70336
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2022/02/23 7:00 p.m. · 6 views

CVE-2022-21705 Authenticated remote code execution in octobercms

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 7.2 · AI score 7.2 · EPSS 0.70336
Exploits: 0 · References: 2
Cvelist
added 2022/02/23 7:00 p.m. · 15 views

CVE-2022-21705 Authenticated remote code execution in octobercms

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 7.2 · AI score 7.4 · EPSS 0.70336
Exploits: 0 · References: 2
OSV
added 2022/02/23 7:00 p.m. · 37 views

CVE-2022-21705 Authenticated remote code execution in octobercms

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 7.2 · AI score 7 · EPSS 0.70336
Exploits: 0 · References: 4
Positive Technologies
added 2022/02/23 12:00 a.m. · 5 views

PT-2022-15052 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: Octobercms versions prior to 1.0.474; Octobercms versions prior to 1.1.10. Description: Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions, user input was not properly sanitized before rendering. A...

CVSS 8.5 · AI score 7.3 · EPSS 0.70336
Exploits: 0 · References: 9
CNNVD
added 2022/02/23 12:00 a.m. · 4 views

Octobercms data forgery vulnerability

Octobercms is a PHP-based CMS website builder from Octobercms, Inc. A data forgery vulnerability exists in Octobercms that stems from an input validation error when handling directory traversal sequences in filenames in zip archives. A remote user can upload a specially crafted zip archive...

CVSS 5.3 · AI score 5.8 · EPSS 0.00142
Exploits: 0 · References: 5
CNNVD
added 2022/02/23 12:00 a.m. · 4 views

Octobercms security vulnerability

Octobercms is a PHP-based CMS website builder from Octobercms Inc. in the United States. Octobercms suffers from a security vulnerability that originates from user input not being properly sanitized before rendering. An authenticated user with the permission to create, modify, and delete pages on t...

CVSS 8.5 · AI score 7.5 · EPSS 0.70336
Exploits: 0 · References: 5
OSV
added 2022/01/14 9:08 p.m. · 27 views

GHSA-WV23-PFJ7-2MJJ October/System authenticated file write leads to remote code execution

Impact: Assuming an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. Patches: Issue has been patched in Build 473 and v1.1.6. Workarounds: Apply...

CVSS 8.8 · AI score 8.8 · EPSS 0.005
Exploits: 0 · References: 4
Github Security Blog
added 2022/01/14 9:08 p.m. · 58 views

October/System authenticated file write leads to remote code execution

Impact: Assuming an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. Patches: Issue has been patched in Build 473 and v1.1.6. Workarounds: Apply...

CVSS 8.8 · AI score 1.4 · EPSS 0.005
Exploits: 0 · References: 4 · Affected Software: 1
Github Security Blog
added 2021/08/30 4:13 p.m. · 56 views

Account Takeover in Octobercms

Impact: An attacker can request an account password reset and then gain access to the account using a specially crafted request. To exploit this vulnerability, an attacker must know the username of an administrator and have access to the password reset form. Patches: Issue has been patched in...

CVSS 9.1 · AI score 9.1 · EPSS 0.93036
Exploits: 1 · References: 6 · Affected Software: 1
NVD
added 2021/08/26 7:15 p.m. · 20 views

CVE-2021-32648

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...

CVSS 9.1 · EPSS 0.93036
Exploits: 1 · References: 4
OSV
added 2021/08/26 7:15 p.m. · 22 views

CVE-2021-32648

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...

CVSS 9.1 · AI score 9.4 · EPSS 0.93036
Exploits: 1 · References: 4
OSV
added 2021/08/26 7:15 p.m. · 14 views

CVE-2021-29487

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 7.4 · AI score 9.4
Exploits: 0 · References: 3
NVD
added 2021/08/26 7:15 p.m. · 14 views

CVE-2021-29487

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 7.4 · EPSS 0.00503
Exploits: 0 · References: 3