October
CVE-2020-5299
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the ImportExportController by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).
AnalysisAI
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the ImportExportController by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466). Affected products include: Octobercms October. Version information: before 1.0.466.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
An issue was discovered in October through build 471. Rated critical severity (CVSS 9.8), this vulnerability is remotely
octobercms in a CMS platform based on the Laravel PHP Framework. Rated critical severity (CVSS 9.1), this vulnerability
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for po
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 7.2), this vulner
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. Rated medium severity (CVSS 6.1), this vu
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromis
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG fil
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrar
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary w
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today