Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-5295 — PHP Remote File Inclusion in October

CWE-98 — PHP Remote File Inclusion CWE-829 — Inclusion of Functionality from Untrusted Control Sphere5 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

9.7%

top 7.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Octobercms October October CMS

Timeline

PublishedJun 3

Latest updateNov 18

Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDoctobercms/october1.0.319 — 1.0.466

▶CVEListV5octobercms/october>= 1.0.319, < 1.0.466

▶Packagistoctober/cms1.0.319 — 1.0.466

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Local File read vulnerability in OctoberCMS↗2020-06-03

▶

GHSA

Local File read vulnerability in OctoberCMS↗2020-06-03

▶

💥Exploits & PoCs

Exploit-DB

October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)↗2020-11-13

▶

📄Research Papers

arXiv

Can Highlighting Help GitHub Maintainers Track Security Fixes?↗2024-11-18

▶