Unknown · October CMS · CVE-2021-32650
**Name of the Vulnerable Software and Affected Versions**
October CMS versions prior to 1.0.473 and 1.1.6
**Description**
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. An attacker with access to the backend can execute PHP code by using the theme import feature, bypassing the safe mode feature that prevents PHP execution in the CMS templates.
**Recommendations**
For versions prior to 1.0.473, upgrade to version 1.0.473 or apply the patch to the installation manually as a workaround.
For versions prior to 1.1.6, upgrade to version 1.1.6 or apply the patch to the installation manually as a workaround.
As a temporary workaround, consider restricting access to the theme import feature until a patch is applied.
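
A version check for the two affected ranges above, as an added example that is not part of the original advisory: it reads a Composer lock file and reports whether the installed core is older than 1.0.473 or 1.1.6. The package name `october/system`, the assumption that the site was installed with Composer, and the sample lock contents are constructed for illustration.

```python
import json
import re

# Fixed releases named in the advisory, one per affected branch.
FIXED = {(1, 0): (1, 0, 473), (1, 1): (1, 1, 6)}


def parse_version(text):
    """Turn 'v1.0.472' or '1.1.5' into (1, 0, 472); None if not x.y.z."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True if the version is in a range the advisory lists as vulnerable."""
    v = parse_version(version)
    if v is None:
        # Branch aliases such as dev-* cannot be compared; check them by hand.
        raise ValueError(f"unrecognised version string: {version!r}")
    if v < (1, 0, 473):
        return True  # anything older than the 1.0 branch fix
    fixed = FIXED.get(v[:2])
    return fixed is not None and v < fixed


def audit_lockfile(lock_text, package="october/system"):
    """Return (version, affected) for the package, or (None, None) if absent.

    The package name is an assumption about how the core module appears in
    composer.lock; pass another name if the installation differs.
    """
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == package:
            return pkg["version"], is_affected(pkg["version"])
    return None, None


# Constructed sample input, not taken from a real installation.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v6.20.26"},
    {"name": "october/system", "version": "v1.1.5"},
]})

if __name__ == "__main__":
    print(audit_lockfile(SAMPLE_LOCK))
```

A result of `(None, None)` means the package was not found in the lock file, not that the installation is patched.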