Lucene search
Veracode Vulnerability DatabaseVERACODE:25610HistoryJun 04, 2020 - 8:29 a.m.
Unauthorized Local File Read
2020-06-0408:29:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.129 Low
EPSS
Percentile
95.5%
octobercms is vulnerable to unrestricted local file read. The vulnerability is possible because it does not restrict the file path to read the files under the assets directory, allowing any authenticated backend user with the cms.manage_assets permission to read local files of an October CMS server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | le | 1.0.465 | |
| october/october | le | 1.0.465 |
References
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/advisories/GHSA-r23f-c2j5-rx2f
github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc
github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f
stazot.com
Related
cve
cve
CVE-2020-5295
2020-06-03 22:15:11
osv
osv
Local File read vulnerability in OctoberCMS
2020-06-03 21:58:16
CVE-2020-5295
2020-06-03 22:15:11
cvelist
cvelist
CVE-2020-5295 Local File read vulnerability in OctoberCMS
2020-06-03 21:50:12
prion
prion
Code injection
2020-06-03 22:15:00
nvd
nvd
CVE-2020-5295
2020-06-03 22:15:11
github
github
Local File read vulnerability in OctoberCMS
2020-06-03 21:58:16
exploitdb
exploitdb
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
2020-11-13 00:00:00
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00
zdt
zdt