GHSA-PWVP-H579-HFXG Total.js CMS Path Traversal

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...

October CMS 代码代码注入漏洞

October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...

CVE-2019-15952

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...