CVE-2020-5295

MEDIUM

OctoberCMS <1.0.466 - Info Disclosure

Title source: llm

Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

Exploits (1)

exploitdb WORKING POC

by Sivanesh Ashok · bashwebappsphp

https://www.exploit-db.com/exploits/49045

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Aug/2

[Patch, Third Party Advisory] https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc

[Patch, Third Party Advisory] https://github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f

Scores

CVSS v3 4.8

EPSS 0.0968

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-829 CWE-98

Status published

Products (2)

october/cms 1.0.319 - 1.0.466Packagist

octobercms/october 1.0.319 - 1.0.466

Published Jun 03, 2020

Tracked Since Feb 18, 2026