CVE-2022-35944

HIGH7.2EPSS 0.53%

October CMS Safe Mode bypass leads to authenticated Remote Code Execution

Published: 10/13/2022Modified: 11/8/2023

Description

### Impact This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. ### Patches The issue has been patched in v2.2.34 and v3.0.66 ### References Credits to: - David Miller ### For more information If you have any questions or comments about this advisory: - Email us at [[email protected]](mailto:[email protected])

Affected packages (1)

Packagist/october/system>= 2.0.0, < 2.2.34

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-35944
PATCHhttps://github.com/octobercms/october
WEBhttps://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v