CVE-2017-16941Unrestricted File Upload in October

CWE-434Unrestricted File Upload2 documents2 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 33.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Octobercms October
Timeline
PublishedNov 25
Latest updateMay 17

Description

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDoctobercms/october1.0.428

🔴Vulnerability Details

1
GHSA
GHSA-qhc2-3cg3-6xhg: ** DISPUTED ** October CMS through 12022-05-17