october/cms
Packagist | 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting october/cms
- CVE-2017-1000119 | HIGH | CVSS 7.2 | EG 7.2 | 2017-10-05
vulnerable: v1.0.319 ... v1.0.412 (94 versions)
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
- CVE-2020-15246 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.469 | 2020-11-23
vulnerable: v1.0.421 ... v1.0.468 (48 versions)
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted …
- CVE-2020-15247 | MEDIUM | CVSS 5.2 | EG 5.2 | ✓ Fixed in 1.0.469 | 2020-11-23
vulnerable: v1.0.319 ... v1.0.468 (150 versions)
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cm…
- CVE-2020-26231 | MEDIUM | CVSS 5.2 | EG 5.2 | ✓ Fixed in 1.0.470 | 2020-11-23
vulnerable: 1.0.469, v1.0.469
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user w…
- CVE-2020-5295 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 1.0.466 | 2020-06-03
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated b…
- CVE-2020-5296 | MEDIUM | CVSS 6.2 | EG 6.2 | ✓ Fixed in 1.0.466 | 2020-06-03
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an aut…
- CVE-2020-5297 | LOW | CVSS 3.4 | EG 3.4 | ✓ Fixed in 1.0.466 | 2020-06-03
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass,…
- CVE-2021-21264 | MEDIUM | CVSS 5.2 | EG 5.2 | ✓ Fixed in 1.1.2 | 2021-05-03
vulnerable: 1.1.1, v1.1.1
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authent…