CVE-2023-44382Code Injection in October

CWE-94Code Injection3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.2%
top 52.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Octobercms OctoberOctober System
Timeline
Latest updateNov 29
PublishedDec 1

Description

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages3 packages

Packagistoctober/system3.0.03.4.15
NVDoctobercms/october3.0.03.4.15
CVEListV5octobercms/october>= 3.0.0, < 3.4.15

🔴Vulnerability Details

2
GHSA
October CMS safe mode bypass using Twig sandbox escape2023-11-29
OSV
October CMS safe mode bypass using Twig sandbox escape2023-11-29