2 matches found
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in the asset move functionality, allowing an attacker to delete files on the server within the constraints of file permissions. The vulnerability is triggered through the asset handling path in October CMS, with documented remediation vi...