Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octobercms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-11094
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to...
Octobercms Debugbar
5
CVSSv2
CVE-2020-15246
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build ...
Octobercms October
4.4
CVSSv2
CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would n...
Octobercms October
4.6
CVSSv2
CVE-2020-15248
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can ch...
Octobercms October
3.5
CVSSv2
CVE-2020-15249
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the upload...
Octobercms October
3.5
CVSSv2
CVE-2020-4061
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
Octobercms October
4
CVSSv2
CVE-2020-5295
In OctoberCMS (october/october composer package) versions from 1.0.319 and prior to 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets...
Octobercms October
3.5
CVSSv2
CVE-2020-5298
In OctoberCMS (october/october composer package) versions from 1.0.319 and prior to 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an malicious user to upload a maliciously crafted CSV file w...
Octobercms October
4.3
CVSSv2
CVE-2021-21265
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exi...
Octobercms October
4.3
CVSSv2
CVE-2015-5612
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the caption tag of a profile image.
Octobercms October -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »