Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist october/system Security Advisories

Browse all Security Advisories for packagist october/system

Loading...
Low
GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 12 months ago
High
GSA_kwCzR0hTQS14NHE3LW02ZnAtNHY5ds4AAvUA
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS04djdoLWNwYzItcjhqcM4AAtX7
October CMS upload process vulnerable to RCE via Race Condition
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01M202LTQ0cmMtaDJxNc0uRQ
Missing server signature validation in OctoberCMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS03OWp3LTJmNDYtd3YyMs0uLg
Authenticated remote code execution in October CMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3NnItdmdmMy1qNnc1
October CMS auth bypass and account takeover
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14cjUtbWM5Ny02M3Jj
Account Takeover in Octobercms
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1
Ecosystems: 12
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 contao/core-bundle 24 remdex/livehelperchat 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 getkirby/cms 22 tribalsystems/zenario 22 laravel/framework 20 funadmin/funadmin 20 contao/contao 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 topthink/framework 18 cakephp/cakephp 17 symfony/security 17 genix/cms 17 francoisjacquet/rosariosis 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 typo3/cms-backend 16 phpbb/phpbb 16 symfony/security-http 15 october/system 15 smarty/smarty 15 ec-cube/ec-cube 15 dompdf/dompdf 14 bolt/bolt 14 feehi/cms 14 silverstripe/cms 14 phpmailer/phpmailer 14 studio-42/elfinder 13 pimcore/admin-ui-classic-bundle 13 sylius/sylius 13 impresscms/impresscms 13 lavalite/cms 13 codeigniter4/framework 13 elefant/cms 13 admidio/admidio 13 symfony/http-foundation 12 phpoffice/phpspreadsheet 12 wwbn/avideo 12 phpmyfaq/phpmyfaq 12 ezsystems/ezplatform-kernel 11 nukeviet/nukeviet 11 pagekit/pagekit 11 wallabag/wallabag 11 tinymce/tinymce 11 TinyMCE 11 tinymce 11 feehi/feehicms 11 sulu/sulu 10 october/october 10 ssddanbrown/bookstack 10 ezsystems/ezpublish-legacy 10 yiisoft/yii2 10 contao/core 9 kevinpapst/kimai2 9 statamic/cms 9 alextselegidis/easyappointments 9 bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 concrete5/core 9 twbs/bootstrap 9 bootstrap 9 croogo/croogo 8 codiad/codiad 8 gilacms/gila 8 ezsystems/ezplatform-admin-ui 8 mantisbt/mantisbt 8 twig/twig 8 silverstripe/admin 8 pterodactyl/panel 8 pimcore/customer-management-framework-bundle 8 facturascripts/facturascripts 8 composer/composer 8 silverstripe/graphql 8 october/cms 8 bootstrap.sass 7 wpglobus/wpglobus 7 october/backend 7 symfony/http-kernel 7 billz/raspap-webgui 7 backdrop/backdrop 7 passbolt/passbolt_api 7 flarum/core 7 bootstrap-sass 7 nystudio107/craft-seomatic 6 directmailteam/direct-mail 6 bagisto/bagisto 6 vrana/adminer 6 yourls/yourls 6 zoujingli/thinkadmin 6 dweeves/magmi 6 phpseclib/phpseclib 6 oro/platform 6 guzzlehttp/guzzle 6 icecoder/icecoder 6 pear/archive_tar 6 in2code/femanager 6 yiisoft/yii2-dev 6 gleez/cms 6 cachethq/cachet 5 phpservermon/phpservermon 5 bottelet/flarepoint 5 symfony/security-bundle 5 neos/flow 5 anchorcms/anchor-cms 5 illuminate/database 5 codeigniter/framework 5 bootstrap-sass 5 thinkcmf/thinkcmf 5 kimai/kimai 5 limesurvey/limesurvey 5 mautic/core-lib 5 neos/neos 5 ibexa/core 5 simplesamlphp/saml2 5 elgg/elgg 5 typo3/flow 5 silverstripe/assets 5 phpxmlrpc/phpxmlrpc 5 typo3/cms-install 5 gugoan/economizzer 5 woocommerce/woocommerce 5 symfony/security-core 5 modx/revolution 4 shopware/storefront 4 evolutioncms/evolution 4 idno/known 4 friendsofsymfony/user-bundle 4 magento/product-community-edition 4 codeigniter4/shield 4 automad/automad 4 sylius/resource-bundle 4 typo3/cms-frontend 4 oro/commerce 4 reportico-web/reportico 4 shopxo/shopxo 4 wp-premium/gravityforms 4 bref/bref 4 adodb/adodb-php 4 bytefury/crater 4 ezyang/htmlpurifier 4 processwire/processwire 4 appwrite/server-ce 4 ezsystems/ezplatform 4 pyrocms/pyrocms 4 typo3/html-sanitizer 4 zendframework/zendopenid 4 notrinos/notrinos-erp 4 spatie/browsershot 4 wintercms/winter 4 buddypress/buddypress 3 ckeditor4 3 joomla/joomla-cms 3 prestashop/productcomments 3 typo3/phar-stream-wrapper 3 phenx/php-svg-lib 3 flarum/framework 3 aimeos/ai-admin-graphql 3 pixelfed/pixelfed 3 joomla/framework 3 enhavo/enhavo-app 3 rudloff/alltube 3