5 matches found
CVE-2021-32649
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...
CVE-2021-32649
creationtimestamp| type| source ---|---|--- 2022-01-14 18:23:15+00:00| seen| https://t.me/cibsecurity/35505...
CVE-2021-32649 Authenticated file write leads to remote code execution in october/system
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...
CVE-2021-32649 Authenticated file write leads to remote code execution in october/system
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...
CVE-2021-32649
CVE-2021-32649 affects October CMS (Laravel-based). Before versions 1.0.473 and 1.1.6 , an attacker with backend privileges to create, modify and delete website pages can trigger PHP code execution by embedding specially crafted Twig code in the template markup. The issue is remedied in Build 473...