5 matches found
CVE-2020-5295
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...
CVE-2020-5295
creationtimestamp| type| source ---|---|--- 2024-11-14 06:07:13+00:00| seen| MISP/7be53586-c369-4f40-9955-821d8b372d1e...
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
Exploit Title: October CMS Build 465 - Arbitrary File Read Exploit Authenticated Date: 2020-03-31 Exploit Author: Sivanesh Ashok Vendor Homepage: https://octobercms.com/ Version: Build 465 and below Tested on: Windows 10 / XAMPP / October CMS Build 465 CVE: CVE-2020-5295 echo ''' Authenticated...
CVE-2020-5295
CVE-2020-5295 affects October CMS (october/october composer package) versions 1.0.319–1.0.465. An authenticated backend user with cms.manage_assets permission can read local files on the server. The issue has been fixed in Build 466 (v1.0.466).
CVE-2020-5295 Local File read vulnerability in OctoberCMS
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...