CVE-2020-5297

Public Exploit

Upload whitelisted files to any directory in OctoberCMS

Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

References

Link	Tags
https://github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg	third party advisory patch
https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8	third party advisory patch
http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html	exploit vdb entry third party advisory
http://seclists.org/fulldisclosure/2020/Aug/2	mailing list exploit third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-5297?: CVE-2020-5297 has been scored as a low severity vulnerability.
How to fix CVE-2020-5297?: To fix CVE-2020-5297, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-5297 being actively exploited in the wild?: It is possible that CVE-2020-5297 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-5297?: CVE-2020-5297 affects octobercms october.

Description

Categories

CWE-73 – External Control of File Name or Path

CWE-610 – Externally Controlled Reference to a Resource in Another Sphere

References

Frequently Asked Questions