CVE-2017-1000195

Published November 17th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

octobercms/october

Self-hosted CMS platform based on the Laravel PHP Framework.

GitHub

11.1K