Vulnerabilities > Octobercms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2023-25365 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 3.2.0 Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | 7.8 |
| 2022-10-13 | CVE-2022-35944 | Code Injection vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. | 7.2 |
| 2022-02-23 | CVE-2022-21705 | Unspecified vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. | 7.2 |
| 2017-11-25 | CVE-2017-16941 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. | 8.8 |
| 2017-11-17 | CVE-2017-1000197 | Channel and Path Errors vulnerability in Octobercms October October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. | 7.5 |
| 2017-11-17 | CVE-2017-1000196 | Code Injection vulnerability in Octobercms October October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | 7.5 |
| 2017-11-17 | CVE-2017-1000194 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | 7.5 |