CVE-2020-5295

Published: 03/06/2020 Updated: 04/08/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In OctoberCMS (the october/october Composer package), versions from 1.0.319 and prior to 1.0.466 allow an attacker to read local files on the October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. The issue has been patched in Build 466 (v1.0.466).

Vulnerable Product

octobercms october

Mailing Lists

October CMS <= Build 465 Multiple Vulnerabilities
Author - Sivanesh Ashok | @sivaneshashok | stazotcom
Date : 2020-03-31
Vendor : octobercmscom/ V ...
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities ...