CVE-2017-1000194

Опубликовано: 17 нояб. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

Ссылки

https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224
Patch
https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

Версия до 1.0.412 (включая)

EPSS

Процентиль: 61%

0.00411

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-8vh6-8w76-v6m3