Описание
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.4.15 (исключая)
cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00175
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 4.9
github
около 2 лет назад
October CMS safe mode bypass using Page template injection
EPSS
Процентиль: 39%
0.00175
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-94