High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-08	CVE-2023-25365	Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 3.2.0 Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 local low complexity octobercms CWE-434	7.8
2022-10-13	CVE-2022-35944	Unspecified vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. network low complexity octobercms	7.2
2022-07-12	CVE-2022-24800	Unspecified vulnerability in Octobercms October October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. network high complexity octobercms	8.1
2022-02-23	CVE-2022-21705	Unspecified vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. network low complexity octobercms	7.2
2022-01-14	CVE-2021-32649	Code Injection vulnerability in Octobercms October October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. network low complexity octobercms CWE-94	8.8
2022-01-14	CVE-2021-32650	Code Injection vulnerability in Octobercms October 1.0.472/1.1.5 October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. network low complexity octobercms CWE-94	8.8
2021-03-10	CVE-2021-21265	Unspecified vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. network low complexity octobercms	7.5
2020-11-23	CVE-2020-15246	Path Traversal vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. network low complexity octobercms CWE-22	7.5
2018-07-23	CVE-2018-1999009	Information Exposure vulnerability in Octobercms October October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. network high complexity octobercms CWE-200	8.1
2017-11-25	CVE-2017-16941	Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. network low complexity octobercms CWE-434	8.8