Описание
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.421 (включая) до 1.0.469 (исключая)
cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01094
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-22
Связанные уязвимости
EPSS
Процентиль: 77%
0.01094
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
CWE-22