october/cms Security Advisories for v1.0.428 (5)
-
[MEDIUM] Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
PKSA-z91x-b3vy-fsjy CVE-2020-15247 GHSA-94vp-rmqv-5875
Affected version: >=1.0.319,<1.0.469
Reported by:
GitHub -
[HIGH] Local File Inclusion by unauthenticated users
PKSA-yyqx-h824-x5yv CVE-2020-15246 GHSA-xwjr-6fj7-fc6h
Affected version: >=1.0.421,<1.0.469
Reported by:
GitHub -
[LOW] Upload whitelisted files to any directory in OctoberCMS
PKSA-7ppw-kcwk-c2rh CVE-2020-5297 GHSA-9722-rr68-rfpg
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Arbitrary File Deletion vulnerability in OctoberCMS
PKSA-kchc-czmc-kmjn CVE-2020-5296 GHSA-jv6v-fvvx-4932
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub -
[MEDIUM] Local File read vulnerability in OctoberCMS
PKSA-cdgw-bbb7-3jf8 CVE-2020-5295 GHSA-r23f-c2j5-rx2f
Affected version: >=1.0.319,<1.0.466
Reported by:
GitHub