Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Permalink: https://github.com/advisories/GHSA-8vh6-8w76-v6m3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 7 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-8vh6-8w76-v6m3, CVE-2017-1000194
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000194
- https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224
- https://github.com/advisories/GHSA-8vh6-8w76-v6m3
Blast Radius: 8.3
Affected Packages
packagist:october/october
Dependent packages: 2Dependent repositories: 7
Downloads: 210,188 total
Affected Version Ranges: <= 1.0.412
Fixed in: 1.0.413
All affected versions: 1.0.319, 1.0.320, 1.0.321, 1.0.322, 1.0.323, 1.0.324, 1.0.325, 1.0.326, 1.0.327, 1.0.328, 1.0.329, 1.0.330, 1.0.331, 1.0.332, 1.0.333, 1.0.334, 1.0.335, 1.0.336, 1.0.337, 1.0.338, 1.0.339, 1.0.340, 1.0.341, 1.0.342, 1.0.343, 1.0.344, 1.0.345, 1.0.346, 1.0.347, 1.0.348, 1.0.349, 1.0.350, 1.0.351, 1.0.352, 1.0.353, 1.0.354, 1.0.355, 1.0.356, 1.0.357, 1.0.358, 1.0.359, 1.0.360, 1.0.361, 1.0.362, 1.0.363, 1.0.364, 1.0.365, 1.0.366, 1.0.367, 1.0.368, 1.0.369, 1.0.370, 1.0.371, 1.0.372, 1.0.373, 1.0.374, 1.0.375, 1.0.376, 1.0.377, 1.0.378, 1.0.379, 1.0.380, 1.0.381, 1.0.382, 1.0.383, 1.0.384, 1.0.385, 1.0.386, 1.0.387, 1.0.388, 1.0.389, 1.0.390, 1.0.391, 1.0.392, 1.0.393, 1.0.394, 1.0.395, 1.0.396, 1.0.397, 1.0.398, 1.0.399, 1.0.400, 1.0.401, 1.0.402, 1.0.403, 1.0.404, 1.0.405, 1.0.406, 1.0.407, 1.0.408, 1.0.409, 1.0.410, 1.0.411, 1.0.412
All unaffected versions: 1.0.413, 1.0.414, 1.0.415, 1.0.416, 1.0.417, 1.0.418, 1.0.419, 1.0.420, 1.0.421, 1.0.422, 1.0.423, 1.0.424, 1.0.425, 1.0.426, 1.0.427, 1.0.428, 1.0.429, 1.0.430, 1.0.431, 1.0.432, 1.0.433, 1.0.434, 1.0.435, 1.0.436, 1.0.437, 1.0.438, 1.0.439, 1.0.440, 1.0.441, 1.0.442, 1.0.443, 1.0.444, 1.0.445, 1.0.446, 1.0.447, 1.0.448, 1.0.449, 1.0.450, 1.0.451, 1.0.452, 1.0.453, 1.0.454, 1.0.455, 1.0.456, 1.0.457, 1.0.458, 1.0.459, 1.0.460, 1.0.461, 1.0.462, 1.0.463, 1.0.464, 1.0.465, 1.0.466, 1.0.467, 1.0.468, 1.0.469, 1.0.470, 1.0.471, 1.0.472, 1.0.473, 1.0.474, 1.0.475, 1.0.476, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 2.0.0, 2.0.3, 2.0.10, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.27, 2.0.29, 2.1.0, 2.1.3, 2.1.5, 2.1.6, 2.1.8, 2.1.10, 2.1.12, 2.1.16, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.29, 2.2.0, 2.2.6, 2.2.9, 2.2.10, 2.2.32, 3.0.0, 3.0.2, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.17, 3.0.21, 3.0.22, 3.0.39, 3.0.40, 3.0.42, 3.0.45, 3.0.46, 3.0.56, 3.0.61, 3.0.62, 3.0.74, 3.1.0, 3.1.1, 3.1.12, 3.1.14, 3.1.22, 3.1.26, 3.2.0, 3.2.11, 3.3.0, 3.3.3, 3.3.7, 3.3.9, 3.3.11, 3.4.0, 3.4.1, 3.4.6, 3.4.9, 3.4.10, 3.4.14, 3.5.0, 3.5.1, 3.5.2, 3.5.4, 3.5.7, 3.5.8, 3.6.0, 3.6.1, 3.6.4