CVE-2020-15247: Missing Authorization in October

Severity

NVD score: 6.7 MEDIUM
Other sources: NVD 5.2 | GHSA 5.2 | OSV 5.2

EPSS: 0.1% (top 65.32%)

CISA KEV: Not in KEV

Exploit: No known exploits

Timeline

Published: Nov 23
Latest update: May 4

Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a probl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Exploitability: 1.1 | Impact: 3.7

Affected Packages (3 packages)

Source      Package             Introduced   Fixed                 Note
Packagist   october/cms         1.0.319      1.0.469               +3 more versions
NVD         octobercms/october  1.0.319      1.0.469               +4 more versions
CVEListV5   octobercms/october  -            1.0.471, 1.1.1        +1 more version

Patches

Vulnerability Details (6)

OSV   2021-05-04  Bypass of fix for CVE-2020-26231, Twig sandbox escape
GHSA  2021-05-04  Bypass of fix for CVE-2020-26231, Twig sandbox escape
GHSA  2020-11-23  Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
OSV   2020-11-23  Bypass of fix for CVE-2020-15247, Twig sandbox escape
GHSA  2020-11-23  Bypass of fix for CVE-2020-15247, Twig sandbox escape