2 matches found
CVE-2023-44381 October CMS safe mode bypass using Page template injection
October is a Content Management System CMS and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...
GHSA-Q22J-5R3G-9HMH October CMS safe mode bypass using Page template injection
Impact An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can craft a special request to include PHP code in the CMS...