PT-2022-10089 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS versions prior to 1.0.473 and 1.1.6 Description: The issue allows an attacker with "create, modify and delete website pages" privileges in the backend to execute PHP code by running specially crafted Twig code in the template...