CVE-2017-1000119

HIGH

October CMS <build 412 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-1000119. PoCs published by Metasploit, dugisan3rd, Anti Räis, including Metasploit module exploits/multi/http/october_upload_bypass_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated file upload vulnerability in October CMS by bypassing blacklisted file extensions to achieve remote code execution via a malicious PHP file.

Description

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/47376

View Code ZIP pw:eip

This Metasploit module exploits an authenticated file upload vulnerability in October CMS by bypassing blacklisted file extensions to achieve remote code execution via a malicious PHP file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: October CMS v1.0.412

Auth required

Prerequisites: Valid credentials for October CMS · Permission to upload media files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC

by dugisan3rd · pythonpoc

https://github.com/dugisan3rd/exploit/tree/main/cve-2017-1000119

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2017-1000119, which targets an upload protection bypass in October CMS leading to remote code execution. The exploit automates authentication, file upload, and command execution via a crafted PHP file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: October CMS

Auth required

Prerequisites: valid admin credentials · network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Anti Räis · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/october_upload_bypass_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated file upload vulnerability in October CMS by bypassing blacklisted file extensions to achieve remote code execution. It authenticates as a user with media upload permissions, uploads a malicious PHP file, and triggers execution via a GET request.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: October CMS v1.0.412

Auth required

Prerequisites: Valid credentials with media upload permissions · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://octobercms.com/support/article/rn-8

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/154390/October-CMS-Upload-Protection-Bypass-Code-Execution.html

Scores

CVSS v3 7.2

EPSS 0.7623

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

october/cms 0Packagist

octobercms/october 1.0.412

Published Oct 05, 2017

Tracked Since Feb 18, 2026