October Cms vulnerabilities

CVE-2023-43876 [MEDIUM] CWE-79 Withdrawn Advisory: October Cross-site Scripting vulnerability Withdrawn Advisory: October Cross-site Scripting vulnerability ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects October CMS's installer, not October CMS. The installer deletes all folders and files upon completion of installation. The vulnerability is valid, but because October's installer is not part of one of the GitHub Advisory Database's [supported ecosystems

CVE-2017-1000119 [HIGH] CWE-434 October CMS PHP Code Execution October CMS PHP Code Execution October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

CVE-2021-21264 [MEDIUM] CWE-862 Bypass of fix for CVE-2020-26231, Twig sandbox escape Bypass of fix for CVE-2020-26231, Twig sandbox escape ### Impact A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to

CVE-2020-15246 [HIGH] CWE-22 Local File Inclusion by unauthenticated users Local File Inclusion by unauthenticated users ### Impact An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. ### Patches Issue has been patched in Build 469 (v1.0.469) and v1.1.0. ### Workarounds Apply https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4 to you

CVE-2020-15247 [MEDIUM] CWE-862 Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. ### Impact An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enable

CVE-2020-26231 [MEDIUM] CWE-862 Bypass of fix for CVE-2020-15247, Twig sandbox escape Bypass of fix for CVE-2020-15247, Twig sandbox escape ### Impact A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode`

CVE-2020-5296 [MEDIUM] CWE-610 Arbitrary File Deletion vulnerability in OctoberCMS Arbitrary File Deletion vulnerability in OctoberCMS ### Impact An attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. ### Patches Issue has been patched in Build 466 (v1.0.466). ### Workarounds Apply https://github.com/octobercms/october/commit/2b8939cc8b5

CVE-2020-5295 [MEDIUM] CWE-829 Local File read vulnerability in OctoberCMS Local File read vulnerability in OctoberCMS ### Impact An attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. ### Patches Issue has been patched in Build 466 (v1.0.466). ### Workarounds Apply https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8c

CVE-2020-5297 [LOW] CWE-610 Upload whitelisted files to any directory in OctoberCMS Upload whitelisted files to any directory in OctoberCMS ### Impact An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. ### Patches Issue has been