Vulnerability Details : CVE-2020-5296
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. The issue has been patched in Build 466 (v1.0.466).
Vulnerability category: File inclusion
Products affected by CVE-2020-5296
- cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5296
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~54% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-5296
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 | NIST |
6.2 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N | 1.7 | 4.0 | GitHub, Inc. |
CWE ids for CVE-2020-5296
- The product allows user input to control or influence paths or file names that are used in filesystem operations. (Assigned by: security-advisories@github.com, Secondary)
- The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2020-5296
- https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932
  Arbitrary File Deletion by authenticated backend user with cms.manage_assets permission · Advisory · octobercms/october · GitHub (Patch; Third Party Advisory)
- https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc
  Improve asset file path handling · octobercms/october@2b8939c · GitHub (Patch; Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Aug/2
  Full Disclosure: October CMS <= Build 465 Multiple Vulnerabilities - Arbitrary File Read (Exploit; Mailing List; Third Party Advisory)
- http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
  October CMS Build 465 XSS / File Read / File Deletion / CSV Injection ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)