PHP Code Execution Vulnerability in October CMS by October Team
CVE-2017-1000119

7.2HIGH

Key Information:

Vendor: Octobercms
Status: October
Vendor: CVE Published:; 4 October 2017

What is CVE-2017-1000119?

The vulnerability in October CMS build 412 allows for remote code execution through an exploited file upload feature. This issue could lead to complete site compromise and adversely affect other applications hosted on the same server. Administrators are advised to pay close attention to file upload functionalities and apply necessary security measures to mitigate risks.

References

http://octobercms.com/support/article/rn-8

x_refsource_CONFIRM

http://packetstormsecurity.com/files/154390/October-CMS-U...

x_refsource_MISC

EPSS Score

76% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2017
Vulnerability Reserved
Oct 3, 2017

CVE-2017-1000119 Data

JSON

Octobercms

What is CVE-2017-1000119?

References

EPSS Score

CVSS V3.1

Timeline