CVE-2017-1000195
First published: Fri Nov 17 2017(Updated: )
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octobercms October | <=1.0.412 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-1000195?
CVE-2017-1000195 is a vulnerability in October CMS build 412 that allows for PHP object injection in the asset move functionality, potentially resulting in the ability to delete files that are limited by file permissions on the server.
How severe is CVE-2017-1000195?
CVE-2017-1000195 has a severity rating of high with a CVSS score of 7.5.
Which version of October CMS is affected by CVE-2017-1000195?
October CMS build 412 is affected by CVE-2017-1000195.
How can CVE-2017-1000195 be exploited?
CVE-2017-1000195 can be exploited by injecting malicious PHP objects through the asset move functionality in October CMS build 412.
Is there a fix for CVE-2017-1000195?
Yes, a fix is available. Users are recommended to update to a version of October CMS that is not affected by CVE-2017-1000195.
- collector/nvd-index
- agent/weakness
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/octobercms
- canonical/octobercms october
- version/octobercms october/1.0.412