CVE-2018-1999009

Name of the Vulnerable Software and Affected Versions October CMS versions prior to Build 437

Description The issue is related to a Local File Inclusion vulnerability in the makeFileContents function within modules/system/traits/ViewMaker.php. This can lead to sensitive information disclosure and remote code execution. The attack appears to be exploitable remotely if the /backend path is accessible.

Recommendations For October CMS versions prior to Build 437, update to Build 437 or later to resolve the issue. As a temporary workaround, consider restricting access to the /backend path to minimize the risk of exploitation. Additionally, limiting the use of the makeFileContents function in ViewMaker.php until the update can be applied may help mitigate the risk.