Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Permalink: https://github.com/advisories/GHSA-8vh6-8w76-v6m3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.0024
EPSS Percentile: 0.62529
Identifiers: GHSA-8vh6-8w76-v6m3, CVE-2017-1000194
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000194
- https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224
- https://github.com/advisories/GHSA-8vh6-8w76-v6m3
Blast Radius: 8.3
Affected Packages
packagist:october/october
Dependent packages: 2Dependent repositories: 7
Downloads: 225,639 total
Affected Version Ranges: <= 1.0.412
Fixed in: 1.0.413
All affected versions: 1.0.319, 1.0.320, 1.0.321, 1.0.322, 1.0.323, 1.0.324, 1.0.325, 1.0.326, 1.0.327, 1.0.328, 1.0.329, 1.0.330, 1.0.331, 1.0.332, 1.0.333, 1.0.334, 1.0.335, 1.0.336, 1.0.337, 1.0.338, 1.0.339, 1.0.340, 1.0.341, 1.0.342, 1.0.343, 1.0.344, 1.0.345, 1.0.346, 1.0.347, 1.0.348, 1.0.349, 1.0.350, 1.0.351, 1.0.352, 1.0.353, 1.0.354, 1.0.355, 1.0.356, 1.0.357, 1.0.358, 1.0.359, 1.0.360, 1.0.361, 1.0.362, 1.0.363, 1.0.364, 1.0.365, 1.0.366, 1.0.367, 1.0.368, 1.0.369, 1.0.370, 1.0.371, 1.0.372, 1.0.373, 1.0.374, 1.0.375, 1.0.376, 1.0.377, 1.0.378, 1.0.379, 1.0.380, 1.0.381, 1.0.382, 1.0.383, 1.0.384, 1.0.385, 1.0.386, 1.0.387, 1.0.388, 1.0.389, 1.0.390, 1.0.391, 1.0.392, 1.0.393, 1.0.394, 1.0.395, 1.0.396, 1.0.397, 1.0.398, 1.0.399, 1.0.400, 1.0.401, 1.0.402, 1.0.403, 1.0.404, 1.0.405, 1.0.406, 1.0.407, 1.0.408, 1.0.409, 1.0.410, 1.0.411, 1.0.412
All unaffected versions: 1.0.413, 1.0.414, 1.0.415, 1.0.416, 1.0.417, 1.0.418, 1.0.419, 1.0.420, 1.0.421, 1.0.422, 1.0.423, 1.0.424, 1.0.425, 1.0.426, 1.0.427, 1.0.428, 1.0.429, 1.0.430, 1.0.431, 1.0.432, 1.0.433, 1.0.434, 1.0.435, 1.0.436, 1.0.437, 1.0.438, 1.0.439, 1.0.440, 1.0.441, 1.0.442, 1.0.443, 1.0.444, 1.0.445, 1.0.446, 1.0.447, 1.0.448, 1.0.449, 1.0.450, 1.0.451, 1.0.452, 1.0.453, 1.0.454, 1.0.455, 1.0.456, 1.0.457, 1.0.458, 1.0.459, 1.0.460, 1.0.461, 1.0.462, 1.0.463, 1.0.464, 1.0.465, 1.0.466, 1.0.467, 1.0.468, 1.0.469, 1.0.470, 1.0.471, 1.0.472, 1.0.473, 1.0.474, 1.0.475, 1.0.476, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 2.0.0, 2.0.3, 2.0.10, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.27, 2.0.29, 2.1.0, 2.1.3, 2.1.5, 2.1.6, 2.1.8, 2.1.10, 2.1.12, 2.1.16, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.29, 2.2.0, 2.2.6, 2.2.9, 2.2.10, 2.2.32, 3.0.0, 3.0.2, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.17, 3.0.21, 3.0.22, 3.0.39, 3.0.40, 3.0.42, 3.0.45, 3.0.46, 3.0.56, 3.0.61, 3.0.62, 3.0.74, 3.1.0, 3.1.1, 3.1.12, 3.1.14, 3.1.22, 3.1.26, 3.2.0, 3.2.11, 3.3.0, 3.3.3, 3.3.7, 3.3.9, 3.3.11, 3.4.0, 3.4.1, 3.4.6, 3.4.9, 3.4.10, 3.4.14, 3.5.0, 3.5.1, 3.5.2, 3.5.4, 3.5.7, 3.5.8, 3.6.0, 3.6.1, 3.6.4, 3.7.0, 3.7.3