october/cms Security Advisories (8)
-
[HIGH] October CMS PHP Code Execution
PKSA-dpcw-jqxt-5k6s CVE-2017-1000119 GHSA-q263-j3q9-g964
Affected version: <=1.0.412
Reported by:
GitHub -
[MEDIUM] Bypass of fix for CVE-2020-26231, Twig sandbox escape
PKSA-7hbq-72k8-ynj7 CVE-2021-21264 GHSA-fcr8-6q7r-m4wg
Affected version: =1.1.1|=1.0.471
Reported by:
GitHub -
[LOW] Bypass of fix for CVE-2020-15247, Twig sandbox escape
PKSA-mqjm-w9mf-ty7s CVE-2020-26231 GHSA-r89v-cgv7-3jhx
Affected version: =1.0.469
Reported by:
GitHub -
[MEDIUM] Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
PKSA-z91x-b3vy-fsjy CVE-2020-15247 GHSA-94vp-rmqv-5875
Affected version: >=1.0.319,<1.0.469
Reported by:
GitHub -
[HIGH] Local File Inclusion by unauthenticated users
PKSA-yyqx-h824-x5yv CVE-2020-15246 GHSA-xwjr-6fj7-fc6h
Affected version: >=1.0.421,<1.0.469
Reported by:
GitHub -
[LOW] Upload whitelisted files to any directory in OctoberCMS
PKSA-7ppw-kcwk-c2rh CVE-2020-5297 GHSA-9722-rr68-rfpg
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Arbitrary File Deletion vulnerability in OctoberCMS
PKSA-kchc-czmc-kmjn CVE-2020-5296 GHSA-jv6v-fvvx-4932
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Local File read vulnerability in OctoberCMS
PKSA-cdgw-bbb7-3jf8 CVE-2020-5295 GHSA-r23f-c2j5-rx2f
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub