October CMS is vulnerable to arbitrary code execution. The library does not restrict the files that can be uploaded, allowing a malicious user to upload a malicious PHP file to the server that can get executed.
CPE | Name | Operator | Version |
---|---|---|---|
october/cms | le | 1.0.412 |