Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xMjYzLWozcTktZzk2NM4AAQVt

October CMS PHP Code Execution

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

Permalink: https://github.com/advisories/GHSA-q263-j3q9-g964
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMjYzLWozcTktZzk2NM4AAQVt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 9 months ago

CVSS Score: 7.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-q263-j3q9-g964, CVE-2017-1000119
References:

Blast Radius: 17.9

Affected Packages

packagist:october/cms

Dependent packages: 11
Dependent repositories: 311
Downloads: 991,484 total
Affected Version Ranges: <= 1.0.412
No known fixed version
All affected versions: 1.0.319, 1.0.320, 1.0.321, 1.0.322, 1.0.323, 1.0.324, 1.0.325, 1.0.326, 1.0.327, 1.0.328, 1.0.329, 1.0.330, 1.0.331, 1.0.332, 1.0.333, 1.0.334, 1.0.335, 1.0.336, 1.0.337, 1.0.338, 1.0.339, 1.0.340, 1.0.341, 1.0.342, 1.0.343, 1.0.344, 1.0.345, 1.0.346, 1.0.347, 1.0.348, 1.0.349, 1.0.350, 1.0.351, 1.0.352, 1.0.353, 1.0.354, 1.0.355, 1.0.356, 1.0.357, 1.0.358, 1.0.359, 1.0.360, 1.0.361, 1.0.362, 1.0.363, 1.0.364, 1.0.365, 1.0.366, 1.0.367, 1.0.368, 1.0.369, 1.0.370, 1.0.371, 1.0.372, 1.0.373, 1.0.374, 1.0.375, 1.0.376, 1.0.377, 1.0.378, 1.0.379, 1.0.380, 1.0.381, 1.0.382, 1.0.383, 1.0.384, 1.0.385, 1.0.386, 1.0.387, 1.0.388, 1.0.389, 1.0.390, 1.0.391, 1.0.392, 1.0.393, 1.0.394, 1.0.395, 1.0.396, 1.0.397, 1.0.398, 1.0.399, 1.0.400, 1.0.401, 1.0.402, 1.0.403, 1.0.404, 1.0.405, 1.0.406, 1.0.407, 1.0.408, 1.0.409, 1.0.410, 1.0.411, 1.0.412