Arbitrary File Upload Vulnerability in October CMS by October
CVE-2023-37692

5.4MEDIUM

Key Information:

Vendor: Octobercms
Status: October
Vendor: CVE Published:; 26 July 2023

What is CVE-2023-37692?

An arbitrary file upload vulnerability present in October CMS version 3.4.4 enables attackers to upload malicious files, potentially allowing the execution of arbitrary code. This poses a significant risk as crafted files can be utilized to exploit the application, compromising server integrity and data security.

References

https://okankurtulus.com.tr/2023/07/24/october-cms-v3-4-4...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jul 10, 2023

CVE-2023-37692 Data

JSON

Octobercms

What is CVE-2023-37692?

References

CVSS V3.1

Timeline