CVE-2017-1000194

CRITICAL

October CMS <412 - Privilege Escalation

Title source: llm

Description

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

References (1)

Core 1

Core References

Patch x_refsource_misc

https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 61.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

october/october 0 - 1.0.413Packagist

octobercms/october < 1.0.412

Published Nov 17, 2017

Tracked Since Feb 18, 2026