7 matches found
CVE-2021-21264
CVE-2021-21264 affects October CMS (Laravel-based) and describes a Twig sandbox bypass where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions can write PHP code despite cms.enableSafeMode being enabled. The vulnerability mirrors the impac...
Sandbox Escape
October is vulnerable to arbitrary code execution. An authenticated backend user with cms.managepages, cms.managelayouts, or cms.managepartials permissions is allowed to write malicious Twig code leading to an escape from sandbox even if cms.enableSafeMode is set. This vulnerability is a bypass o...
Design/Logic Flaw
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...
GHSA-R89V-CGV7-3JHX Bypass of fix for CVE-2020-15247, Twig sandbox escape
Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...
CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be...
CVE-2020-15247
Technical details about CVE-2020-15247 are not publicly provided in the connected documents. The available sources mention related CVEs and patches for October CMS, but no explicit technical specifics are included here. Monitor for updates.