CVE-2023-44382

CVSS V2 None CVSS V3 None
Description
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.
Overview
  • CVE ID
  • CVE-2023-44382
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-12-01T21:48:41.764Z
  • Last Modified Date
  • 2023-12-01T21:48:41.764Z
References
History
Created Old Value New Value Data Type Notes
2024-06-25 12:35:44 Added to TrackCVE