3 matches found
CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...
CVE-2022-21705 Authenticated remote code execution in octobercms
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...
CVE-2022-21705
October CMS (Laravel-based) is vulnerable to an authenticated remote code execution due to improper sanitization of user input in admin pages, allowing bypass of cms.safe_mode/cms.enableSafeMode and arbitrary code execution. Affected builds were fixed in Build 474 (1.0.474) and 1.1.10; manual rem...