Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OctobercmsOctober

8 matches found

CVE
CVEadded 2021/03/10 10:15 p.m.85 views

CVE-2021-21265

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header...

7.5CVSS7AI score0.0047EPSS
CVE
CVEadded 2021/08/26 7:15 p.m.68 views

CVE-2021-29487

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated user...

7.4CVSS7.7AI score0.00503EPSS
CVE
CVEadded 2020/11/23 8:15 p.m.64 views

CVE-2020-15246

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and ...

7.5CVSS7.4AI score0.01094EPSS
CVE
CVEadded 2022/10/13 10:15 p.m.62 views

CVE-2022-35944

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

7.2CVSS6.6AI score0.00017EPSS
CVE
CVEadded 2021/10/06 6:15 p.m.53 views

CVE-2021-41126

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the octobe...

7.2CVSS6.9AI score0.00485EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.51 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

7.2CVSS7.2AI score0.74411EPSS
Web
CVE
CVEadded 2017/11/17 2:29 a.m.49 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

7.5CVSS7.7AI score0.00183EPSS
CVE
CVEadded 2024/02/08 10:15 p.m.34 views

CVE-2023-25365

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

7.8CVSS7.5AI score0.00049EPSS