CVE-2017-1000194

CRITICAL9.8EPSS 0.41%

October CMS File Upload Vulnerability

Published: 5/13/2022Modified: 2/16/2024

Description

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

Affected packages (1)

Packagist/october/octoberfrom 0, < 1.0.413

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000194
PATCHhttps://github.com/octobercms/october
WEBhttps://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224