October CMS is vulnerable to unrestricted file upload. It does not trim and validate the destinationFullPath path, allowing an authenticated backend user with the cms.manage_assets permission to upload files with any of the extensions jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss or xml to any directory of an October CMS server.
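As an added illustration (not October CMS's own code, and not the fix in the referenced commit), the following PHP shows the kind of check the description implies is missing: trim the requested destination, collapse it segment by segment, refuse anything that climbs above the assets root, and accept only the listed extensions. The function name and its parameters are hypothetical.

```php
<?php
// Added illustration, not October CMS code: confine an asset upload
// destination to the assets root before the file is written.
// resolveAssetDestination(), $assetsRoot, $requestedPath and $filename
// are hypothetical names chosen for this example.

function resolveAssetDestination(string $assetsRoot, string $requestedPath, string $filename): ?string
{
    // Trim whitespace and normalise separators so "  ../x" or "..\x" cannot slip through.
    $requestedPath = str_replace('\\', '/', trim($requestedPath));

    // Collapse the path one segment at a time; any attempt to climb above
    // the root is rejected outright instead of being silently clamped.
    $parts = [];
    foreach (explode('/', $requestedPath) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (empty($parts)) {
                return null; // would escape the assets root
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }

    // The filename itself must be a plain name: no null bytes, no separators.
    if (strpos($filename, "\0") !== false || $filename !== basename($filename)) {
        return null;
    }

    // Extension allowlist taken from the advisory text above.
    $allowed = ['jpg', 'jpeg', 'bmp', 'png', 'webp', 'gif', 'ico', 'css', 'js', 'woff',
                'woff2', 'svg', 'ttf', 'eot', 'json', 'md', 'less', 'sass', 'scss', 'xml'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }

    $root = rtrim(str_replace('\\', '/', $assetsRoot), '/');
    $dir  = $root . ($parts ? '/' . implode('/', $parts) : '');

    // Final containment check: the resolved directory must still sit under the root.
    if ($dir !== $root && strpos($dir, $root . '/') !== 0) {
        return null;
    }
    return $dir . '/' . $filename;
}

// Constructed sample inputs:
// resolveAssetDestination('/var/www/themes/demo/assets', 'images/icons', 'logo.png')
//   -> '/var/www/themes/demo/assets/images/icons/logo.png'
// resolveAssetDestination('/var/www/themes/demo/assets', '../../../etc', 'x.json')
//   -> null (rejected: path climbs above the assets root)
```

Because the string check above cannot see symlinks, a deployment that allows symlinked asset directories should additionally compare `realpath()` of the created directory against `realpath()` of the root before writing.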
CPE Name | Operator | Version
---|---|---
october/october | le | 1.0.465
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/advisories/GHSA-9722-rr68-rfpg
github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8
github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg