Lucene search
+L

7 matches found

CVE
CVE
added 2021/05/03 4:0 p.m.92 views

CVE-2021-21264

CVE-2021-21264 affects October CMS (Laravel-based) and describes a Twig sandbox bypass where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions can write PHP code despite cms.enableSafeMode being enabled. The vulnerability mirrors the impac...

5.2CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2020/11/24 7:31 a.m.17 views

Sandbox Escape

October is vulnerable to arbitrary code execution. An authenticated backend user with cms.managepages, cms.managelayouts, or cms.managepartials permissions is allowed to write malicious Twig code leading to an escape from sandbox even if cms.enableSafeMode is set. This vulnerability is a bypass o...

6.7CVSS3.3AI score0.0029EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2020/11/23 9:15 p.m.19 views

Design/Logic Flaw

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/11/23 8:54 p.m.29 views

GHSA-R89V-CGV7-3JHX Bypass of fix for CVE-2020-15247, Twig sandbox escape

Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...

5.2CVSS6AI score0.00289EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/11/23 8:54 p.m.104 views

Bypass of fix for CVE-2020-15247, Twig sandbox escape

Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...

6.7CVSS1AI score0.00289EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/11/23 8:15 p.m.18 views

CVE-2020-15247

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be...

5.2CVSS6.2AI score
Exploits0References2
CVE
CVE
added 2020/11/23 7:35 p.m.77 views

CVE-2020-15247

Technical details about CVE-2020-15247 are not publicly provided in the connected documents. The available sources mention related CVEs and patches for October CMS, but no explicit technical specifics are included here. Monitor for updates.

5.2CVSS5.7AI score0.0029EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder