Vulnerabilities > Octobercms > October > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2023-25365 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 3.2.0 Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | 7.8 |
| 2022-10-13 | CVE-2022-35944 | Unspecified vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. | 7.2 |
| 2022-07-12 | CVE-2022-24800 | Unspecified vulnerability in Octobercms October October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. | 8.1 |
| 2022-02-23 | CVE-2022-21705 | Unspecified vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. | 7.2 |
| 2022-01-14 | CVE-2021-32649 | Code Injection vulnerability in Octobercms October October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. | 8.8 |
| 2022-01-14 | CVE-2021-32650 | Code Injection vulnerability in Octobercms October 1.0.472/1.1.5 October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. | 8.8 |
| 2021-03-10 | CVE-2021-21265 | Unspecified vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 7.5 |
| 2020-11-23 | CVE-2020-15246 | Path Traversal vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 7.5 |
| 2018-07-23 | CVE-2018-1999009 | Information Exposure vulnerability in Octobercms October October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. | 8.1 |
| 2017-11-25 | CVE-2017-16941 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. | 8.8 |