Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1000119Unrestricted File Upload in CMS

CWE-434Unrestricted File Upload5 documents5 sources
Severity
7.2HIGHNVD
EPSS
76.2%
top 1.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
October CMSOctobercms October
Timeline
PublishedOct 5
Latest updateMay 13

Description

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

Packagistoctober/cms1.0.412
NVDoctobercms/october1.0.412

🔴Vulnerability Details

2
OSV
October CMS PHP Code Execution2022-05-13
GHSA
October CMS PHP Code Execution2022-05-13

💥Exploits & PoCs

2
Exploit-DB
October CMS - Upload Protection Bypass Code Execution (Metasploit)2019-09-10
Metasploit
October CMS Upload Protection Bypass Code Execution