Local File Inclusion by unauthenticated users
CVE-2020-15246

7.5HIGH

Key Information:

Vendor: Octobercms
Status: October
Vendor: CVE Published:; 23 November 2020

What is CVE-2020-15246?

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.

Affected Version(s)

october >= 1.0.421, < 1.0.469

References

https://github.com/octobercms/october/security/advisories...

x_refsource_CONFIRM

https://github.com/octobercms/library/commit/80aab47f044a...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2020
Vulnerability Reserved
Jun 25, 2020

CVE-2020-15246 Data

JSON

Octobercms

What is CVE-2020-15246?

Affected Version(s)

References

CVSS V3.1

Timeline