3 matches found
CVE-2021-32650
October CMS (CVE-2021-32650) is affected up to versions prior to 1.0.473 and 1.1.6, where an attacker with backend access can execute PHP code via the theme import feature, bypassing CMS safe mode. The issue has been fixed in Build 473 (v1.0.473) and v1.1.6; users unable to upgrade can apply the ...
CVE-2021-32650 Arbitrary code execution in october/system
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...
CVE-2021-32650 Arbitrary code execution in october/system
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...