Vulnerability-Lookup

CVE-2021-32649 (GCVE-0-2021-32649)

Vulnerability from cvelistv5 – Published: 2022-01-14 15:05 – Updated: 2025-04-23 19:12

Title

Authenticated file write leads to remote code execution in october/system

Summary

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/octobercms/october/commit/167b…	x_refsource_MISC
	https://github.com/octobercms/october/security/ad…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	octobercms	october	Affected: < 1.0.473 Affected: >= 1.1.0, < 1.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:56:55.162396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:12:11.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "october",
          "vendor": "octobercms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.473"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 1.1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-14T15:05:17.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
        }
      ],
      "source": {
        "advisory": "GHSA-wv23-pfj7-2mjj",
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated file write leads to remote code execution in october/system",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32649",
          "STATE": "PUBLIC",
          "TITLE": "Authenticated file write leads to remote code execution in october/system"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "october",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.0.473"
                          },
                          {
                            "version_value": "\u003e= 1.1.0, \u003c 1.1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "octobercms"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
            },
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
              "refsource": "CONFIRM",
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wv23-pfj7-2mjj",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32649",
    "datePublished": "2022-01-14T15:05:17.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:12:11.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T23:25:30.964Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-32649\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T15:56:55.162396Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T15:56:56.686Z\"}}], \"cna\": {\"title\": \"Authenticated file write leads to remote code execution in october/system\", \"source\": {\"advisory\": \"GHSA-wv23-pfj7-2mjj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"octobercms\", \"product\": \"october\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.0.473\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.1.0, \u003c 1.1.6\"}]}], \"references\": [{\"url\": \"https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \\\"create, modify and delete website pages\\\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-01-14T15:05:17.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"GHSA-wv23-pfj7-2mjj\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c 1.0.473\"}, {\"version_value\": \"\u003e= 1.1.0, \u003c 1.1.6\"}]}, \"product_name\": \"october\"}]}, \"vendor_name\": \"octobercms\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26\", \"name\": \"https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj\", \"name\": \"https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \\\"create, modify and delete website pages\\\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-32649\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Authenticated file write leads to remote code execution in october/system\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-32649\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T19:12:11.368Z\", \"dateReserved\": \"2021-05-12T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-01-14T15:05:17.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2021-32649

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-32649

Aliases

CVE-2021-32649

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-32649",
    "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
    "id": "GSD-2021-32649"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32649"
      ],
      "details": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
      "id": "GSD-2021-32649",
      "modified": "2023-12-13T01:23:09.346312Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-32649",
        "STATE": "PUBLIC",
        "TITLE": "Authenticated file write leads to remote code execution in october/system"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "october",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.0.473"
                        },
                        {
                          "version_value": "\u003e= 1.1.0, \u003c 1.1.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "octobercms"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
            "refsource": "MISC",
            "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
          },
          {
            "name": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
            "refsource": "CONFIRM",
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-wv23-pfj7-2mjj",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.0.473||\u003e=1.1.0,\u003c1.1.6",
          "affected_versions": "All versions before 1.0.473, all versions starting from 1.1.0 before 1.1.6",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-08-05",
          "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework., an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
          "fixed_versions": [
            "1.0.473",
            "1.1.6"
          ],
          "identifier": "CVE-2021-32649",
          "identifiers": [
            "CVE-2021-32649",
            "GHSA-wv23-pfj7-2mjj"
          ],
          "not_impacted": "All versions starting from 1.0.473 before 1.1.0, all versions starting from 1.1.6",
          "package_slug": "packagist/october/october",
          "pubdate": "2022-01-14",
          "solution": "Upgrade to versions 1.0.473, 1.1.6 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32649",
            "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
            "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
          ],
          "uuid": "f6ad6d77-703b-42ab-b70e-98549f9d75cb"
        },
        {
          "affected_range": "\u003e=1.1.0,\u003c1.1.6||\u003c1.0.473",
          "affected_versions": "All versions starting from 1.1.0 before 1.1.6, all versions before 1.0.473",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-01-26",
          "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
          "fixed_versions": [
            "1.0.473"
          ],
          "identifier": "CVE-2021-32649",
          "identifiers": [
            "GHSA-wv23-pfj7-2mjj",
            "CVE-2021-32649"
          ],
          "not_impacted": "All versions before 1.1.0, all versions starting from 1.0.473 before 1.1.6",
          "package_slug": "packagist/october/system",
          "pubdate": "2022-01-14",
          "solution": "Upgrade to version 1.0.473 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32649",
            "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
            "https://github.com/advisories/GHSA-wv23-pfj7-2mjj"
          ],
          "uuid": "d484aa14-439f-4696-a642-d4891f879de7"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.6",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.473",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32649"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
            },
            {
              "name": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-05T11:31Z",
      "publishedDate": "2022-01-14T15:15Z"
    }
  }
}

CNVD-2022-08037

Vulnerability from cnvd - Published: 2022-01-30

Title

October CMS文件上传漏洞

Description

October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统（CMS）。 October CMS存在文件上传漏洞，该漏洞源于该管理系统存在“创建、修改和删除网站页面”特权，攻击者可利用该漏洞上传特定的代码来执行PHP代码。

Severity

中

Patch Name

October CMS文件上传漏洞的补丁

Patch Description

October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统（CMS）。 October CMS存在文件上传漏洞，该漏洞源于该管理系统存在“创建、修改和删除网站页面”特权，攻击者可利用该漏洞上传特定的代码来执行PHP代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-32649

Impacted products

Name
['October CMS October CMS <1.0.473', 'October CMS October CMS >=1.1.0，<1.1.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32649",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-32649"
    }
  },
  "description": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\n\nOctober CMS\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u7ba1\u7406\u7cfb\u7edf\u5b58\u5728\u201c\u521b\u5efa\u3001\u4fee\u6539\u548c\u5220\u9664\u7f51\u7ad9\u9875\u9762\u201d\u7279\u6743\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u7279\u5b9a\u7684\u4ee3\u7801\u6765\u6267\u884cPHP\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-08037",
  "openTime": "2022-01-30",
  "patchDescription": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nOctober CMS\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u7ba1\u7406\u7cfb\u7edf\u5b58\u5728\u201c\u521b\u5efa\u3001\u4fee\u6539\u548c\u5220\u9664\u7f51\u7ad9\u9875\u9762\u201d\u7279\u6743\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u7279\u5b9a\u7684\u4ee3\u7801\u6765\u6267\u884cPHP\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "October CMS\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "October CMS October CMS \u003c1.0.473",
      "October CMS October CMS \u003e=1.1.0\uff0c\u003c1.1.6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-32649",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-17",
  "title": "October CMS\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

FKIE_CVE-2021-32649

Vulnerability from fkie_nvd - Published: 2022-01-14 15:15 - Updated: 2024-11-21 06:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	octobercms	october	*
	octobercms	october	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "825E6E25-2039-4C79-9B48-EDE2B1EB9A2F",
              "versionEndExcluding": "1.0.473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00C0780-FBDC-493D-B97B-CE805D3606B7",
              "versionEndExcluding": "1.1.6",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
    },
    {
      "lang": "es",
      "value": "October CMS es una plataforma de sistema de administraci\u00f3n de contenidos (CMS) auto alojada basada en el framework PHP Laravel. En versiones anteriores a 1.0.473 y 1.1.6, un atacante con privilegios \"create, modify and delete website pages\" en el backend es capaz de ejecutar c\u00f3digo PHP mediante la ejecuci\u00f3n de c\u00f3digo Twig especialmente dise\u00f1ado en el marcado de la plantilla. El problema ha sido parcheado en la Build 473 (v1.0.473) y versi\u00f3n v1.1.6. Los que no puedan actualizar pueden aplicar el parche a su instalaci\u00f3n manualmente como medida de mitigaci\u00f3n"
    }
  ],
  "id": "CVE-2021-32649",
  "lastModified": "2024-11-21T06:07:27.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-14T15:15:07.523",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WV23-PFJ7-2MJJ

Vulnerability from github – Published: 2022-01-14 21:08 – Updated: 2022-08-11 16:54

Summary

October/System authenticated file write leads to remote code execution

Details

Impact

Assuming an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup.

Patches

Issue has been patched in Build 473 and v1.1.6

Workarounds

Apply https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26 to your installation manually if you are unable to upgrade.

References

Credits to: • David Miller

For more information

If you have any questions or comments about this advisory: * Email us at hello@octobercms.com

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/system"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/system"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.473"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-14T20:49:20Z",
    "nvd_published_at": "2022-01-14T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAssuming an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup.\n\n### Patches\n\nIssue has been patched in Build 473 and v1.1.6\n\n### Workarounds\n\nApply https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26 to your installation manually if you are unable to upgrade.\n\n### References\n\nCredits to:\n\u2022 David Miller\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n",
  "id": "GHSA-wv23-pfj7-2mjj",
  "modified": "2022-08-11T16:54:35Z",
  "published": "2022-01-14T21:08:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32649"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/octobercms/october"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "October/System authenticated file write leads to remote code execution"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-32649 (GCVE-0-2021-32649)

GSD-2021-32649

CNVD-2022-08037

FKIE_CVE-2021-32649

GHSA-WV23-PFJ7-2MJJ

Impact

Patches

Workarounds

References

For more information

Tags

Sightings

Nomenclature