october/october is vulnerable to CSV Injection. The vulnerability exists because the value of $record in ImportExportController.php is not sanitized.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | october/october | le | 1.0.465 |
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/advisories/GHSA-4rhm-m2fp-hx7q
github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a
github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484
github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q