October@2.0.0 Security Vulnerabilities and Issues — October@2.0.0 CVE List

Lucene search

OctobercmsOctober2.0.0

3 matches found

CVE•added 2022/02/23 7:15 p.m.•137 views

CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safe_mode / cm...

8.5CVSS7.2AI score0.85421EPSS

CVE•added 2022/07/12 8:15 p.m.•90 views

CVE-2022-24800

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the fromData method, an unauthenticated user can perform remote code...

8.1CVSS8.5AI score0.02925EPSS

CVE•added 2021/10/06 6:15 p.m.•54 views

CVE-2021-41126

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the octobe...

7.2CVSS6.9AI score0.00485EPSS