Skip to main content

October CVE-2017-1000194

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2017-11-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 17, 2017 - 02:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

AnalysisAI

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. Affected products include: Octobercms October.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2017-1000119 HIGH POC
7.2 Oct 05

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise

CVE-2021-3311 CRITICAL POC
9.8 Feb 05

An issue was discovered in October through build 471. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2021-32648 CRITICAL POC
9.1 Aug 26

octobercms in a CMS platform based on the Laravel PHP Framework. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2017-16244 HIGH POC
8.8 Nov 01

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for po

CVE-2022-21705 HIGH POC
7.2 Feb 23

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 7.2), this vulner

CVE-2018-7198 MEDIUM POC
6.1 Feb 18

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. Rated medium severity (CVSS 6.1), this vu

CVE-2017-1000196 CRITICAL
9.8 Nov 17

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromis

CVE-2017-1000197 CRITICAL
9.8 Nov 17

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating

CVE-2017-15284 MEDIUM POC
5.4 Oct 12

Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG fil

CVE-2015-5613 MEDIUM POC
5.4 Sep 28

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrar

CVE-2023-43876 MEDIUM POC
5.4 Sep 28

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary w

CVE-2023-37692 MEDIUM POC
5.4 Jul 26

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted fi

Share

CVE-2017-1000194 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy