Vulnerability Details CVE-2023-44381
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.8%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2023-44381
- cpe:2.3:a:octobercms:october:3.0.0
- cpe:2.3:a:octobercms:october:3.0.10
- cpe:2.3:a:octobercms:october:3.0.17
- cpe:2.3:a:octobercms:october:3.0.2
- cpe:2.3:a:octobercms:october:3.0.22
- cpe:2.3:a:octobercms:october:3.0.40
- cpe:2.3:a:octobercms:october:3.0.42
- cpe:2.3:a:octobercms:october:3.0.45
- cpe:2.3:a:octobercms:october:3.0.46
- cpe:2.3:a:octobercms:october:3.0.56
- cpe:2.3:a:octobercms:october:3.0.6
- cpe:2.3:a:octobercms:october:3.0.61
- cpe:2.3:a:octobercms:october:3.0.62
- cpe:2.3:a:octobercms:october:3.0.63
- cpe:2.3:a:octobercms:october:3.0.64
- cpe:2.3:a:octobercms:october:3.0.65
- cpe:2.3:a:octobercms:october:3.0.66
- cpe:2.3:a:octobercms:october:3.0.67
- cpe:2.3:a:octobercms:october:3.0.69
- cpe:2.3:a:octobercms:october:3.0.7
- cpe:2.3:a:octobercms:october:3.0.70
- cpe:2.3:a:octobercms:october:3.0.71
- cpe:2.3:a:octobercms:october:3.0.72
- cpe:2.3:a:octobercms:october:3.0.73
- cpe:2.3:a:octobercms:october:3.0.74
- cpe:2.3:a:octobercms:october:3.0.75
- cpe:2.3:a:octobercms:october:3.0.76
- cpe:2.3:a:octobercms:october:3.0.9
- cpe:2.3:a:octobercms:october:3.1.0
- cpe:2.3:a:octobercms:october:3.1.11
- cpe:2.3:a:octobercms:october:3.1.12
- cpe:2.3:a:octobercms:october:3.1.16
- cpe:2.3:a:octobercms:october:3.1.19
- cpe:2.3:a:octobercms:october:3.1.21
- cpe:2.3:a:octobercms:october:3.1.22
- cpe:2.3:a:octobercms:october:3.1.24
- cpe:2.3:a:octobercms:october:3.1.25
- cpe:2.3:a:octobercms:october:3.1.26
- cpe:2.3:a:octobercms:october:3.1.28
- cpe:2.3:a:octobercms:october:3.1.29
- cpe:2.3:a:octobercms:october:3.1.4
- cpe:2.3:a:octobercms:october:3.1.8
- cpe:2.3:a:octobercms:october:3.1.9
- cpe:2.3:a:octobercms:october:3.2.0
- cpe:2.3:a:octobercms:october:3.2.10
- cpe:2.3:a:octobercms:october:3.2.11
- cpe:2.3:a:octobercms:october:3.2.12
- cpe:2.3:a:octobercms:october:3.2.14
- cpe:2.3:a:octobercms:october:3.2.16
- cpe:2.3:a:octobercms:october:3.2.17
- cpe:2.3:a:octobercms:october:3.2.21
- cpe:2.3:a:octobercms:october:3.2.22
- cpe:2.3:a:octobercms:october:3.2.23
- cpe:2.3:a:octobercms:october:3.2.7
- cpe:2.3:a:octobercms:october:3.2.8
- cpe:2.3:a:octobercms:october:3.3.0
- cpe:2.3:a:octobercms:october:3.3.11
- cpe:2.3:a:octobercms:october:3.3.12
- cpe:2.3:a:octobercms:october:3.3.14
- cpe:2.3:a:octobercms:october:3.3.17
- cpe:2.3:a:octobercms:october:3.3.19
- cpe:2.3:a:octobercms:october:3.3.20
- cpe:2.3:a:octobercms:october:3.3.3
- cpe:2.3:a:octobercms:october:3.3.5
- cpe:2.3:a:octobercms:october:3.3.7
- cpe:2.3:a:octobercms:october:3.3.8
- cpe:2.3:a:octobercms:october:3.3.9
- cpe:2.3:a:octobercms:october:3.4.0
- cpe:2.3:a:octobercms:october:3.4.10
- cpe:2.3:a:octobercms:october:3.4.11
- cpe:2.3:a:octobercms:october:3.4.12
- cpe:2.3:a:octobercms:october:3.4.14
- cpe:2.3:a:octobercms:october:3.4.4
- cpe:2.3:a:octobercms:october:3.4.6
- cpe:2.3:a:octobercms:october:3.4.8