CVE-2020-15246

Sažetak

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.

Reference

https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4
https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-11-2021 - 16:26

Objavljeno

23-11-2020 - 20:15