Vulnerability Description
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Octobercms | October | >= 1.0.421, < 1.0.469 |
Related Weaknesses (CWE)
References
- https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f3PatchThird Party Advisory
- https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6hThird Party Advisory
- https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f3PatchThird Party Advisory
- https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6hThird Party Advisory
FAQ
What is CVE-2020-15246?
CVE-2020-15246 is a vulnerability with a CVSS score of 7.5 (HIGH). October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an Octo...
How severe is CVE-2020-15246?
CVE-2020-15246 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15246?
Check the references section above for vendor advisories and patch information. Affected products include: Octobercms October.