3 matches found
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
CVE-2020-5296
CVE-2020-5296 affects OctoberCMS (october/october composer package) versions 1.0.319–1.0.465. An authenticated backend user with the cms.manage_assets permission can delete arbitrary local files on the server. The issue is fixed in Build 466 (v1.0.466). The vulnerability originates from improper ...
CVE-2020-5296 Arbitrary File Deletion vulnerability in OctoberCMS
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...