CVE-2022-35944 – october/system

Package

Manager: composer
Name: october/system
Vulnerable Version: >=2.0.0 <2.2.34 || >=3.0.0 <3.0.66

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00017 pctl0.02791

Details

October CMS Safe Mode bypass leads to authenticated Remote Code Execution ### Impact This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. ### Patches The issue has been patched in v2.2.34 and v3.0.66 ### References Credits to: - David Miller ### For more information If you have any questions or comments about this advisory: - Email us at [hello@octobercms.com](mailto:hello@octobercms.com)

Metadata

Created: 2022-10-13T19:11:08Z
Modified: 2022-10-24T18:35:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-x4q7-m6fp-4v9v/GHSA-x4q7-m6fp-4v9v.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-x4q7-m6fp-4v9v
Finding: F422
Auto approve: 1