october/system Security Advisories for v1.0.472 (6)
-
[LOW] October CMS Allows Unprotected SVG Rename in Media Manager
PKSA-q2z3-dfft-h9n9 CVE-2024-51991 GHSA-96hh-8hx5-cpw7
Affected version: <3.7.5
Reported by:
GitHub -
[HIGH] October CMS upload process vulnerable to RCE via Race Condition
PKSA-yr75-7y9f-cxw9 CVE-2022-24800 GHSA-8v7h-cpc2-r8jp
Affected version: >=2.0.0,<2.2.15|>=1.1.0,<1.1.12|<1.0.476
Reported by:
GitHub -
[MEDIUM] Missing server signature validation in OctoberCMS
PKSA-9y13-4h42-rz75 CVE-2022-23655 GHSA-53m6-44rc-h2q5
Affected version: <1.0.475|>=1.1.0,<1.1.11
Reported by:
GitHub -
[HIGH] Authenticated remote code execution in October CMS
PKSA-zpmz-wj2m-t91q CVE-2022-21705 GHSA-79jw-2f46-wv22
Affected version: >=2.0.0,<2.1.27|>=1.1.0,<1.1.10|<1.0.474
Reported by:
GitHub -
[HIGH] october/system arbitrary code execution
PKSA-v82s-kwcn-dh7q CVE-2021-32650 GHSA-5hfj-r725-wpc4
Affected version: <1.0.473|>=1.1.0,<1.1.6
Reported by:
GitHub -
[HIGH] October/System authenticated file write leads to remote code execution
PKSA-m6wq-j1hd-zj67 CVE-2021-32649 GHSA-wv23-pfj7-2mjj
Affected version: <1.0.473|>=1.1.0,<1.1.6
Reported by:
GitHub