Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octobercms october vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-16244
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an malicious user to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF hea...
Octobercms October 1.0.426
1 EDB exploit
8.1
CVSSv3
CVE-2022-24800
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user ca...
Octobercms October
8.1
CVSSv3
CVE-2018-1999009
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely...
Octobercms October -
7.8
CVSSv3
CVE-2023-25365
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local malicious user to execute arbitrary code via the file type .mp3
Octobercms October 3.2.0
7.5
CVSSv3
CVE-2021-21265
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exi...
Octobercms October
7.5
CVSSv3
CVE-2020-15246
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build ...
Octobercms October
7.5
CVSSv3
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Octobercms October
7.4
CVSSv3
CVE-2021-29487
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by u...
Octobercms October
1 Github repository
7.2
CVSSv3
CVE-2022-35944
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has acce...
Octobercms October
7.2
CVSSv3
CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass...
Octobercms October
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »