
7 matches found

NVD
added 2020/11/23 8:15 p.m. | 13 views

CVE-2020-15246

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 v1.0.469 and...

CVSS 7.5 | AI score 7.4 | EPSS 0.01094
Exploits: 0 | References: 2
Prion
added 2020/11/23 8:15 p.m. | 18 views

Double free

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...

CVSS 3.5 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/11/23 7:50 p.m. | 16 views

CVE-2020-15249 Stored XSS by authenticated backend user with access to upload files

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...

CVSS 2.8 | AI score 5.4 | EPSS 0.00165
Exploits: 0 | References: 2
Github Security Blog
added 2020/11/23 7:48 p.m. | 75 views

Local File Inclusion by unauthenticated users

Impact: An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches: Issue has been patched in Build 469 v1.0.469 and v1.1.0.
Workarounds: Apply...

CVSS 7.5 | AI score 1.5 | EPSS 0.01094
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2020/11/23 7:48 p.m. | 18 views

GHSA-XWJR-6FJ7-FC6H Local File Inclusion by unauthenticated users

Impact: An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches: Issue has been patched in Build 469 v1.0.469 and v1.1.0.
Workarounds: Apply...

CVSS 7.5 | AI score 7.3 | EPSS 0.01094
Exploits: 0 | References: 4
Github Security Blog
added 2020/11/23 7:47 p.m. | 44 views

Stored XSS by authenticated backend user with access to upload files

Impact: Backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload JavaScript that would be executed on a path under t...

CVSS 5.4 | AI score 0.5 | EPSS 0.00165
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2020/11/23 7:25 p.m. | 17 views

CVE-2020-15246 Local File Inclusion by unauthenticated users

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 v1.0.469 and...

CVSS 7.5 | AI score 7.4 | EPSS 0.01094
Exploits: 0 | References: 2