CVE-2020-5295

MEDIUM

OctoberCMS <1.0.466 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5295. PoCs published by Sivanesh Ashok.

AI-analyzed exploit summary This exploit leverages an authenticated arbitrary file read vulnerability in October CMS Build 465 and below by manipulating the 'path' parameter in a POST request to read files outside the intended directory. It requires valid session cookies and uses tools like 'recode' and 'jq' for processing the response.

Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

Exploits (1)

exploitdb WORKING POC

by Sivanesh Ashok · bashwebappsphp

https://www.exploit-db.com/exploits/49045

View Code ZIP pw:eip

This exploit leverages an authenticated arbitrary file read vulnerability in October CMS Build 465 and below by manipulating the 'path' parameter in a POST request to read files outside the intended directory. It requires valid session cookies and uses tools like 'recode' and 'jq' for processing the response.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: October CMS Build 465 and below

Auth required

Prerequisites: Valid session cookie · Access to the 'Assets' section in the backend · Target file path

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Third Party Advisory x_refsource_confirm

https://github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f

Patch, Third Party Advisory x_refsource_misc

https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc

View Patch ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/Aug/2

Scores

CVSS v3 4.8

EPSS 0.0737

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-829 CWE-98

Status published

Products (2)

october/cms 1.0.319 - 1.0.466Packagist

octobercms/october 1.0.319 - 1.0.466

Published Jun 03, 2020

Tracked Since Feb 18, 2026