October CMS is vulnerable to local file inclusion. The function `validatePath` in `modules/system/classes/MediaLibrary.php` does not perform validation of file paths. This allows an attacker to manipulate the folder names with `../` characters through the request headers to retrieve confidential system files or obtain remote code execution. This vulnerability is remotely exploitable if `/backend` is accessible.

CPE

Name | Operator | Version
---|---|---
october/october | le | 1.0.436
october/cms | le | 1.0.436
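
The kind of check whose absence is described above, rejecting `../` segments and confirming the resolved path stays under the storage root, can be sketched as follows. This is an added example, not October CMS's code or its actual fix; the function names `safeMediaPath` and `resolveInRoot` and the sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not October CMS's MediaLibrary code.

// Normalise a user-supplied folder/file path; throw on traversal attempts.
function safeMediaPath(string $path): string
{
    if (preg_match('/[\x00-\x1f\x7f]/', $path)) {
        throw new InvalidArgumentException('control character in path');
    }
    // Treat "\" as a separator so "..\" is caught as well as "../".
    $clean = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // collapse "//" and "./"
        }
        if ($segment === '..') {
            throw new InvalidArgumentException('traversal segment in path');
        }
        $clean[] = $segment;
    }
    return '/' . implode('/', $clean);
}

// Join the validated path to the storage root and confirm it stays inside,
// which also catches symlinks that point out of the root.
function resolveInRoot(string $root, string $userPath): string
{
    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new RuntimeException('storage root does not exist');
    }
    $full = $rootReal . safeMediaPath($userPath);
    // For a target that does not exist yet, check its parent directory.
    $probe = realpath($full) ?: realpath(dirname($full));
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($probe === false || ($probe !== $rootReal && strpos($probe, $prefix) !== 0)) {
        throw new InvalidArgumentException('path escapes storage root');
    }
    return $full;
}

// Constructed sample inputs, resolved against the system temp directory.
foreach (['/logo.png', '/a/../../secret.txt', '..\\..\\config'] as $input) {
    try {
        echo $input, ' => ', resolveInRoot(sys_get_temp_dir(), $input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $input, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The segment check runs before any filesystem access, and the `realpath` containment check is a second layer for cases the string check cannot see, such as a symlink inside the media directory.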