October@* Security Vulnerabilities and Issues — October@* CVE List

Lucene search

OctobercmsOctober*

9 matches found

CVE•added 2022/02/23 7:15 p.m.•137 views

CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safe_mode / cm...

8.5CVSS7.2AI score0.85421EPSS

CVE•added 2022/02/24 12:15 a.m.•124 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to bui...

5.3CVSS5.2AI score0.00142EPSS

CVE•added 2022/07/12 8:15 p.m.•90 views

CVE-2022-24800

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the fromData method, an unauthenticated user can perform remote code...

8.1CVSS8.5AI score0.02925EPSS

CVE•added 2021/03/10 10:15 p.m.•87 views

CVE-2021-21265

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header...

7.5CVSS7AI score0.0047EPSS

CVE•added 2022/10/13 10:15 p.m.•63 views

CVE-2022-35944

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

7.2CVSS6.6AI score0.00017EPSS

CVE•added 2022/01/14 3:15 p.m.•62 views

CVE-2021-32649

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

8.8CVSS8.8AI score0.005EPSS

CVE•added 2020/07/31 6:15 p.m.•54 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

6.3CVSS6.6AI score0.00113EPSS

CVE•added 2025/05/05 5:18 p.m.•48 views

CVE-2024-51991

October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.clean_vectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulner...

4.9CVSS6.2AI score0.00051EPSS

CVE•added 2018/07/23 3:29 p.m.•39 views

CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable ...

5.4CVSS5.3AI score0.0033EPSS