CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5299

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.5%

CVSS Severity

CVSS v3 Score 4.0

CVSS v2 Score 4.6

References

Products affected by CVE-2020-5299

Octobercms » October » Version: 1.0.319

cpe:2.3:a:octobercms:october:1.0.319
Octobercms » October » Version: 1.0.320

cpe:2.3:a:octobercms:october:1.0.320
Octobercms » October » Version: 1.0.321

cpe:2.3:a:octobercms:october:1.0.321
Octobercms » October » Version: 1.0.322

cpe:2.3:a:octobercms:october:1.0.322
Octobercms » October » Version: 1.0.323

cpe:2.3:a:octobercms:october:1.0.323
Octobercms » October » Version: 1.0.324

cpe:2.3:a:octobercms:october:1.0.324
Octobercms » October » Version: 1.0.325

cpe:2.3:a:octobercms:october:1.0.325
Octobercms » October » Version: 1.0.326

cpe:2.3:a:octobercms:october:1.0.326
Octobercms » October » Version: 1.0.327

cpe:2.3:a:octobercms:october:1.0.327
Octobercms » October » Version: 1.0.328

cpe:2.3:a:octobercms:october:1.0.328
Octobercms » October » Version: 1.0.329

cpe:2.3:a:octobercms:october:1.0.329
Octobercms » October » Version: 1.0.330

cpe:2.3:a:octobercms:october:1.0.330
Octobercms » October » Version: 1.0.331

cpe:2.3:a:octobercms:october:1.0.331
Octobercms » October » Version: 1.0.332

cpe:2.3:a:octobercms:october:1.0.332
Octobercms » October » Version: 1.0.333

cpe:2.3:a:octobercms:october:1.0.333
Octobercms » October » Version: 1.0.334

cpe:2.3:a:octobercms:october:1.0.334
Octobercms » October » Version: 1.0.335

cpe:2.3:a:octobercms:october:1.0.335
Octobercms » October » Version: 1.0.336

cpe:2.3:a:octobercms:october:1.0.336
Octobercms » October » Version: 1.0.337

cpe:2.3:a:octobercms:october:1.0.337
Octobercms » October » Version: 1.0.338

cpe:2.3:a:octobercms:october:1.0.338
Octobercms » October » Version: 1.0.339

cpe:2.3:a:octobercms:october:1.0.339
Octobercms » October » Version: 1.0.340

cpe:2.3:a:octobercms:october:1.0.340
Octobercms » October » Version: 1.0.341

cpe:2.3:a:octobercms:october:1.0.341
Octobercms » October » Version: 1.0.342

cpe:2.3:a:octobercms:october:1.0.342
Octobercms » October » Version: 1.0.343

cpe:2.3:a:octobercms:october:1.0.343
Octobercms » October » Version: 1.0.344

cpe:2.3:a:octobercms:october:1.0.344
Octobercms » October » Version: 1.0.345

cpe:2.3:a:octobercms:october:1.0.345
Octobercms » October » Version: 1.0.346

cpe:2.3:a:octobercms:october:1.0.346
Octobercms » October » Version: 1.0.347

cpe:2.3:a:octobercms:october:1.0.347
Octobercms » October » Version: 1.0.348

cpe:2.3:a:octobercms:october:1.0.348
Octobercms » October » Version: 1.0.349

cpe:2.3:a:octobercms:october:1.0.349
Octobercms » October » Version: 1.0.350

cpe:2.3:a:octobercms:october:1.0.350
Octobercms » October » Version: 1.0.351

cpe:2.3:a:octobercms:october:1.0.351
Octobercms » October » Version: 1.0.352

cpe:2.3:a:octobercms:october:1.0.352
Octobercms » October » Version: 1.0.353

cpe:2.3:a:octobercms:october:1.0.353
Octobercms » October » Version: 1.0.354

cpe:2.3:a:octobercms:october:1.0.354
Octobercms » October » Version: 1.0.355

cpe:2.3:a:octobercms:october:1.0.355
Octobercms » October » Version: 1.0.356

cpe:2.3:a:octobercms:october:1.0.356
Octobercms » October » Version: 1.0.357

cpe:2.3:a:octobercms:october:1.0.357
Octobercms » October » Version: 1.0.358

cpe:2.3:a:octobercms:october:1.0.358
Octobercms » October » Version: 1.0.359

cpe:2.3:a:octobercms:october:1.0.359
Octobercms » October » Version: 1.0.360

cpe:2.3:a:octobercms:october:1.0.360
Octobercms » October » Version: 1.0.361

cpe:2.3:a:octobercms:october:1.0.361
Octobercms » October » Version: 1.0.362

cpe:2.3:a:octobercms:october:1.0.362
Octobercms » October » Version: 1.0.363

cpe:2.3:a:octobercms:october:1.0.363
Octobercms » October » Version: 1.0.364

cpe:2.3:a:octobercms:october:1.0.364
Octobercms » October » Version: 1.0.365

cpe:2.3:a:octobercms:october:1.0.365
Octobercms » October » Version: 1.0.366

cpe:2.3:a:octobercms:october:1.0.366
Octobercms » October » Version: 1.0.367

cpe:2.3:a:octobercms:october:1.0.367
Octobercms » October » Version: 1.0.368

cpe:2.3:a:octobercms:october:1.0.368
Octobercms » October » Version: 1.0.369

cpe:2.3:a:octobercms:october:1.0.369
Octobercms » October » Version: 1.0.370

cpe:2.3:a:octobercms:october:1.0.370
Octobercms » October » Version: 1.0.371

cpe:2.3:a:octobercms:october:1.0.371
Octobercms » October » Version: 1.0.372

cpe:2.3:a:octobercms:october:1.0.372
Octobercms » October » Version: 1.0.373

cpe:2.3:a:octobercms:october:1.0.373
Octobercms » October » Version: 1.0.374

cpe:2.3:a:octobercms:october:1.0.374
Octobercms » October » Version: 1.0.375

cpe:2.3:a:octobercms:october:1.0.375
Octobercms » October » Version: 1.0.376

cpe:2.3:a:octobercms:october:1.0.376
Octobercms » October » Version: 1.0.377

cpe:2.3:a:octobercms:october:1.0.377
Octobercms » October » Version: 1.0.378

cpe:2.3:a:octobercms:october:1.0.378
Octobercms » October » Version: 1.0.379

cpe:2.3:a:octobercms:october:1.0.379
Octobercms » October » Version: 1.0.380

cpe:2.3:a:octobercms:october:1.0.380
Octobercms » October » Version: 1.0.381

cpe:2.3:a:octobercms:october:1.0.381
Octobercms » October » Version: 1.0.382

cpe:2.3:a:octobercms:october:1.0.382
Octobercms » October » Version: 1.0.383

cpe:2.3:a:octobercms:october:1.0.383
Octobercms » October » Version: 1.0.384

cpe:2.3:a:octobercms:october:1.0.384
Octobercms » October » Version: 1.0.385

cpe:2.3:a:octobercms:october:1.0.385
Octobercms » October » Version: 1.0.386

cpe:2.3:a:octobercms:october:1.0.386
Octobercms » October » Version: 1.0.387

cpe:2.3:a:octobercms:october:1.0.387
Octobercms » October » Version: 1.0.388

cpe:2.3:a:octobercms:october:1.0.388
Octobercms » October » Version: 1.0.389

cpe:2.3:a:octobercms:october:1.0.389
Octobercms » October » Version: 1.0.390

cpe:2.3:a:octobercms:october:1.0.390
Octobercms » October » Version: 1.0.391

cpe:2.3:a:octobercms:october:1.0.391
Octobercms » October » Version: 1.0.392

cpe:2.3:a:octobercms:october:1.0.392
Octobercms » October » Version: 1.0.393

cpe:2.3:a:octobercms:october:1.0.393
Octobercms » October » Version: 1.0.394

cpe:2.3:a:octobercms:october:1.0.394
Octobercms » October » Version: 1.0.395

cpe:2.3:a:octobercms:october:1.0.395
Octobercms » October » Version: 1.0.396

cpe:2.3:a:octobercms:october:1.0.396
Octobercms » October » Version: 1.0.397

cpe:2.3:a:octobercms:october:1.0.397
Octobercms » October » Version: 1.0.398

cpe:2.3:a:octobercms:october:1.0.398
Octobercms » October » Version: 1.0.399

cpe:2.3:a:octobercms:october:1.0.399
Octobercms » October » Version: 1.0.400

cpe:2.3:a:octobercms:october:1.0.400
Octobercms » October » Version: 1.0.401

cpe:2.3:a:octobercms:october:1.0.401
Octobercms » October » Version: 1.0.402

cpe:2.3:a:octobercms:october:1.0.402
Octobercms » October » Version: 1.0.403

cpe:2.3:a:octobercms:october:1.0.403
Octobercms » October » Version: 1.0.404

cpe:2.3:a:octobercms:october:1.0.404
Octobercms » October » Version: 1.0.405

cpe:2.3:a:octobercms:october:1.0.405
Octobercms » October » Version: 1.0.406

cpe:2.3:a:octobercms:october:1.0.406
Octobercms » October » Version: 1.0.407

cpe:2.3:a:octobercms:october:1.0.407
Octobercms » October » Version: 1.0.408

cpe:2.3:a:octobercms:october:1.0.408
Octobercms » October » Version: 1.0.409

cpe:2.3:a:octobercms:october:1.0.409
Octobercms » October » Version: 1.0.410

cpe:2.3:a:octobercms:october:1.0.410
Octobercms » October » Version: 1.0.411

cpe:2.3:a:octobercms:october:1.0.411
Octobercms » October » Version: 1.0.412

cpe:2.3:a:octobercms:october:1.0.412
Octobercms » October » Version: 1.0.413

cpe:2.3:a:octobercms:october:1.0.413
Octobercms » October » Version: 1.0.414

cpe:2.3:a:octobercms:october:1.0.414
Octobercms » October » Version: 1.0.415

cpe:2.3:a:octobercms:october:1.0.415
Octobercms » October » Version: 1.0.416

cpe:2.3:a:octobercms:october:1.0.416
Octobercms » October » Version: 1.0.417

cpe:2.3:a:octobercms:october:1.0.417
Octobercms » October » Version: 1.0.418

cpe:2.3:a:octobercms:october:1.0.418
Octobercms » October » Version: 1.0.419

cpe:2.3:a:octobercms:october:1.0.419
Octobercms » October » Version: 1.0.420

cpe:2.3:a:octobercms:october:1.0.420
Octobercms » October » Version: 1.0.421

cpe:2.3:a:octobercms:october:1.0.421
Octobercms » October » Version: 1.0.422

cpe:2.3:a:octobercms:october:1.0.422
Octobercms » October » Version: 1.0.423

cpe:2.3:a:octobercms:october:1.0.423
Octobercms » October » Version: 1.0.424

cpe:2.3:a:octobercms:october:1.0.424
Octobercms » October » Version: 1.0.425

cpe:2.3:a:octobercms:october:1.0.425
Octobercms » October » Version: 1.0.426

cpe:2.3:a:octobercms:october:1.0.426
Octobercms » October » Version: 1.0.427

cpe:2.3:a:octobercms:october:1.0.427
Octobercms » October » Version: 1.0.428

cpe:2.3:a:octobercms:october:1.0.428
Octobercms » October » Version: 1.0.429

cpe:2.3:a:octobercms:october:1.0.429
Octobercms » October » Version: 1.0.430

cpe:2.3:a:octobercms:october:1.0.430
Octobercms » October » Version: 1.0.431

cpe:2.3:a:octobercms:october:1.0.431
Octobercms » October » Version: 1.0.432

cpe:2.3:a:octobercms:october:1.0.432
Octobercms » October » Version: 1.0.433

cpe:2.3:a:octobercms:october:1.0.433
Octobercms » October » Version: 1.0.434

cpe:2.3:a:octobercms:october:1.0.434
Octobercms » October » Version: 1.0.435

cpe:2.3:a:octobercms:october:1.0.435
Octobercms » October » Version: 1.0.436

cpe:2.3:a:octobercms:october:1.0.436
Octobercms » October » Version: 1.0.437

cpe:2.3:a:octobercms:october:1.0.437
Octobercms » October » Version: 1.0.438

cpe:2.3:a:octobercms:october:1.0.438
Octobercms » October » Version: 1.0.439

cpe:2.3:a:octobercms:october:1.0.439
Octobercms » October » Version: 1.0.440

cpe:2.3:a:octobercms:october:1.0.440
Octobercms » October » Version: 1.0.441

cpe:2.3:a:octobercms:october:1.0.441
Octobercms » October » Version: 1.0.442

cpe:2.3:a:octobercms:october:1.0.442
Octobercms » October » Version: 1.0.443

cpe:2.3:a:octobercms:october:1.0.443
Octobercms » October » Version: 1.0.444

cpe:2.3:a:octobercms:october:1.0.444
Octobercms » October » Version: 1.0.445

cpe:2.3:a:octobercms:october:1.0.445
Octobercms » October » Version: 1.0.446

cpe:2.3:a:octobercms:october:1.0.446
Octobercms » October » Version: 1.0.447

cpe:2.3:a:octobercms:october:1.0.447
Octobercms » October » Version: 1.0.448

cpe:2.3:a:octobercms:october:1.0.448
Octobercms » October » Version: 1.0.449

cpe:2.3:a:octobercms:october:1.0.449
Octobercms » October » Version: 1.0.450

cpe:2.3:a:octobercms:october:1.0.450
Octobercms » October » Version: 1.0.451

cpe:2.3:a:octobercms:october:1.0.451
Octobercms » October » Version: 1.0.452

cpe:2.3:a:octobercms:october:1.0.452
Octobercms » October » Version: 1.0.453

cpe:2.3:a:octobercms:october:1.0.453
Octobercms » October » Version: 1.0.454

cpe:2.3:a:octobercms:october:1.0.454
Octobercms » October » Version: 1.0.455

cpe:2.3:a:octobercms:october:1.0.455
Octobercms » October » Version: 1.0.456

cpe:2.3:a:octobercms:october:1.0.456
Octobercms » October » Version: 1.0.457

cpe:2.3:a:octobercms:october:1.0.457
Octobercms » October » Version: 1.0.458

cpe:2.3:a:octobercms:october:1.0.458
Octobercms » October » Version: 1.0.459

cpe:2.3:a:octobercms:october:1.0.459
Octobercms » October » Version: 1.0.460

cpe:2.3:a:octobercms:october:1.0.460
Octobercms » October » Version: 1.0.461

cpe:2.3:a:octobercms:october:1.0.461
Octobercms » October » Version: 1.0.462

cpe:2.3:a:octobercms:october:1.0.462
Octobercms » October » Version: 1.0.463

cpe:2.3:a:octobercms:october:1.0.463
Octobercms » October » Version: 1.0.464

cpe:2.3:a:octobercms:october:1.0.464
Octobercms » October » Version: 1.0.465

cpe:2.3:a:octobercms:october:1.0.465

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5299

Products

Pricing

Contact Us