october/cms Security Advisories for v1.0.336 (5)
-
[HIGH] October CMS PHP Code Execution
PKSA-dpcw-jqxt-5k6s CVE-2017-1000119 GHSA-q263-j3q9-g964
Affected version: <=1.0.412
Reported by:
GitHub -
[MEDIUM] Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
PKSA-z91x-b3vy-fsjy CVE-2020-15247 GHSA-94vp-rmqv-5875
Affected version: >=1.0.319,<1.0.469
Reported by:
GitHub -
[LOW] Upload whitelisted files to any directory in OctoberCMS
PKSA-7ppw-kcwk-c2rh CVE-2020-5297 GHSA-9722-rr68-rfpg
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Arbitrary File Deletion vulnerability in OctoberCMS
PKSA-kchc-czmc-kmjn CVE-2020-5296 GHSA-jv6v-fvvx-4932
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Local File read vulnerability in OctoberCMS
PKSA-cdgw-bbb7-3jf8 CVE-2020-5295 GHSA-r23f-c2j5-rx2f
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub