PT-2017-10894 · October · October Cms
Published
2017-11-17
·
Updated
2020-08-03
·
CVE-2017-1000197
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
October CMS build 412
Description
The issue allows for file path modification in the asset move functionality, potentially resulting in the creation of malicious files on the server.
Recommendations
For October CMS build 412, update to a version that fixes this issue to prevent malicious file creation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
October Cms