CVE-2017-1000195

HIGH

October CMS <build 412 - Code Injection

Title source: llm

Description

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

References (1)

[Patch] https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R317

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-502

Status draft

Affected Products (1)

octobercms/october < 1.0.412

Timeline

Published Nov 17, 2017

Tracked Since Feb 18, 2026