CVE-2023-44381 - Vulnerability Details - OpenCVE

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00175.

Key SSVC decision points have not yet been added.

Vendors	Products
Octobercms	October

Configuration 1 [-]

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-3012	October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.
Github GHSA	GHSA-q22j-5r3g-9hmh	October CMS safe mode bypass using Page template injection

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-01T21:48:44.064Z

Updated: 2024-08-02T20:07:32.781Z

Reserved: 2023-09-28T17:56:32.612Z

Link: CVE-2023-44381

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-01T22:15:09.573

Modified: 2024-11-21T08:25:46.980

Link: CVE-2023-44381

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44381", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.612Z", "datePublished": "2023-12-01T21:48:44.064Z", "dateUpdated": "2024-08-02T20:07:32.781Z"}, "containers": {"cna": {"title": "October CMS safe mode bypass using Page template injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh"}], "affected": [{"vendor": "octobercms", "product": "october", "versions": [{"version": ">= 3.0.0, < 3.4.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-01T21:48:44.064Z"}, "descriptions": [{"lang": "en", "value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15."}], "source": {"advisory": "GHSA-q22j-5r3g-9hmh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:32.781Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "matchCriteriaId": "19EF8091-8849-4A30-831A-E158A085871B", "versionEndExcluding": "3.4.15", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15."}, {"lang": "es", "value": "October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitir\u00eda proporcionar c\u00f3digo PHP para que lo ejecute el CMS debido a que `cms.safe_mode` est\u00e1 habilitado puede manipular una solicitud especial para incluir c\u00f3digo PHP en la plantilla CMS. Este problema se solucion\u00f3 en la versi\u00f3n 3.4.15."}], "id": "CVE-2023-44381", "lastModified": "2024-11-21T08:25:46.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-01T22:15:09.573", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}