CVE-2017-1000119 – october/cms

Package

Manager: composer
Name: october/cms
Vulnerable Version: >=0 <=1.0.412

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.74411 pctl0.98801

Details

October CMS PHP Code Execution October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

Metadata

Created: 2022-05-13T01:24:45Z
Modified: 2023-07-31T22:23:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q263-j3q9-g964/GHSA-q263-j3q9-g964.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-q263-j3q9-g964
Finding: F027
Auto approve: 1