Lucene search

Veracode Vulnerability DatabaseVERACODE:44484

HistoryNov 30, 2023 - 6:32 a.m.

Server Side Template Injection

2023-11-3006:32:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

october cms

server side template injection

twig code

sandbox

php code execution

authentication

backend user

permissions

exploitation

attackcrafted twig code

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

October CMS is vulnerable to Server Side Template Injection. The vulnerability is due improper sandboxing of twig code, where an authenticated backend user possessing the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions, can execute PHP code even when cms.safe_mode being enabled. This issue can be exploited by an attacker via crafting malicious Twig code to escape sandbox resulting in execution of arbitrary PHP code.

CPENameOperatorVersion
october/octoberlev3.4.14
october/octoberlev3.4.14

CPE	Name	Operator	Version
	october/october	le	v3.4.14
	october/october	le	v3.4.14

References

github.com/advisories/GHSA-p8q3-h652-65vx

github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for VERACODE:44484