CVE-2017-1000196

CRITICAL

October CMS <build 412 - Code Injection

Title source: llm
STIX 2.1

Description

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

Scores

CVSS v3 9.8
EPSS 0.0194
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
octobercms/october < 1.0.412
Published Nov 17, 2017
Tracked Since Feb 18, 2026