CVE-2020-15246
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| octobercms | october | >= 1.0.421, < 1.0.469 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h
- https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4
References
- https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h
- https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.