2 matches found
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...
CVE-2017-1000197
CVE-2017-1000197 affects October CMS 1.x build 412, where the asset move function allows file path modification, enabling creation of malicious files on the server. Root cause centers on insecure path handling during asset operations. NVD metrics show CVSSv2 7.5 (HIGH) and CVSSv3 9.8 (CRITICAL) w...