Samuel Georges

14 exploits Active since Sep 2015
CVE-2017-15284 WRITEUP MEDIUM WRITEUP
OctoberCMS < 1.0.426 - Stored Cross-Site Scripting via SVG Avatar Upload
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
CVSS 5.4
CVE-2017-16244 WRITEUP HIGH WRITEUP
OctoberCMS < 1.0.427 - Cross-Site Request Forgery via _handler Postback Variable
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVSS 8.8
CVE-2018-10366 WRITEUP MEDIUM WRITEUP
user_project/user and rainlab/user-plugin < 1.5.0 - Stored Cross-Site Scripting in Name Field
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
CVSS 6.1
CVE-2021-29487 WRITEUP HIGH WRITEUP
October CMS 1.0.471 - Unauthenticated Authentication Bypass via Crafted Request
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.
CVSS 7.4
CVE-2021-32648 WRITEUP HIGH WRITEUP
October CMS < 1.1.5 and System < 1.0.472 - Authentication Bypass via Password Reset
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
CVSS 8.2
CVE-2015-5612 WRITEUP WRITEUP
October CMS < 1.0.319 - Stored Cross-Site Scripting via Profile Image Caption
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
CVE-2015-5613 WRITEUP MEDIUM WRITEUP
October CMS build 271 and earlier - Cross-Site Scripting via File Title
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
CVSS 5.4
CVE-2020-15247 WRITEUP MEDIUM WRITEUP
October CMS <1.0.469 - Code Injection
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
CVSS 5.2
CVE-2021-29487 WRITEUP HIGH WRITEUP
October CMS 1.0.471 - Unauthenticated Authentication Bypass via Crafted Request
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.
CVSS 7.4
CVE-2021-32648 WRITEUP HIGH WRITEUP
October CMS < 1.1.5 and System < 1.0.472 - Authentication Bypass via Password Reset
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
CVSS 8.2
CVE-2021-32649 WRITEUP HIGH WRITEUP
October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Twig Template Injection
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
CVSS 8.8
CVE-2021-32650 WRITEUP HIGH WRITEUP
October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Theme Import Feature
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
CVSS 8.8
CVE-2021-3311 WRITEUP CRITICAL WRITEUP
October < 1.0.471 - Insufficient Session Expiration via Session Reactivation
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
CVSS 9.8
CVE-2022-21705 WRITEUP HIGH WRITEUP
OctoberCMS < 1.0.474 - Authenticated Remote Code Execution via Safe Mode Bypass
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.
CVSS 7.2