PT-2020-14311 · October · October Cms
Ka1N4T · Published 2020-11-23 · Updated 2021-11-18 · CVE-2020-15246
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
October CMS versions 1.0.421 through 1.0.468
Description
An attacker can exploit this issue to read local files on an October CMS server via a specially crafted request. The issue is exploitable by unauthenticated users.
Recommendations
For versions 1.0.421 through 1.0.468, update to Build 469 (v1.0.469) or v1.1.0 to resolve the issue.
As a temporary workaround for versions that cannot be updated to Build 469, apply the patch from https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4 to your installation manually.
Fix
Incorrect Authorization
Path traversal
Affected Products
October Cms