11 matches found
EUVD-2020-0593
Malware in sbrugna...
EUVD-2017-6741
Malware in sbrugna...
EUVD-2020-0496
Malware in sbrugna...
EUVD-2020-0458
Malware in sbrugna...
EUVD-2020-0511
Malware in sbrugna...
CVE-2022-23655
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
CVE-2020-5298
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
CVE-2020-15128
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code nothing exploitable in the core project itself had a...
OctoberCMS Cross-Site Scripting
Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...
CVE-2021-32648 Account Takeover in Octobercms
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...