CVE-2020-5297

LOW

OctoberCMS <1.0.466 - File Upload

Title source: llm

Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Aug/2

[Patch, Third Party Advisory] https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg

Scores

CVSS v3 3.4

EPSS 0.0176

EPSS Percentile 82.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

Classification

CWE

CWE-610 CWE-73

Status published

Affected Products (2)

octobercms/october < 1.0.466

october/cms < 1.0.466Packagist

Timeline

Published Jun 03, 2020

Tracked Since Feb 18, 2026