CVE-2022-24800
published 2022-07-12CVE-2022-24800: October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and…
PriorityP350high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
1.14%
62.5th percentile
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply with patch to their installation manually as a workaround.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| october | system | >= 0 < 1.0.476 | 1.0.476 |
| october | system | >= 1.1.0 < 1.1.12 | 1.1.12 |
| october | system | >= 2.0.0 < 2.2.15 | 2.2.15 |
| octobercms | october | < 1.0.476 | 1.0.476 |
| octobercms | october | — | — |
| octobercms | october | — | — |
| octobercms | october | >= 1.1.0 < 1.1.12 | 1.1.12 |
| octobercms | october | >= 2.0.0 < 2.2.15 | 2.2.15 |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
October CMS upload process vulnerable to RCE via Race Condition
ghsa·2022-07-13
CVE-2022-24800 [HIGH] CWE-362 October CMS upload process vulnerable to RCE via Race Condition
October CMS upload process vulnerable to RCE via Race Condition
### Impact
This advisory affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally.
When the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory.
### Patches
The issue has been patched in Build 476 (v1.0.476) and v1.1.12 and v2.2.15.
### Workarounds
Apply https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83 to your installation manually if
OSV
October CMS upload process vulnerable to RCE via Race Condition
osv·2022-07-13
CVE-2022-24800 [HIGH] October CMS upload process vulnerable to RCE via Race Condition
October CMS upload process vulnerable to RCE via Race Condition
### Impact
This advisory affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally.
When the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory.
### Patches
The issue has been patched in Build 476 (v1.0.476) and v1.1.12 and v2.2.15.
### Workarounds
Apply https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83 to your installation manually if
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jphttps://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jp
2022-07-12
Published