CVE-2023-44381: October CMS safe mode bypass using Page template injection
First published: Wed Nov 29 2023(Updated: )
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/october/system | >=3.0.0<3.4.15 | 3.4.15 |
| Octobercms October | >=3.0.0<3.4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the impact of CVE-2023-44381?
An authenticated backend user with certain permissions can execute PHP code in the CMS.
Who is affected by CVE-2023-44381?
Users of October CMS versions between 3.0.0 and 3.4.15 with specific permissions.
How can an attacker exploit CVE-2023-44381?
An attacker can craft a special request with PHP code to be executed by the CMS.
What is the remedy for CVE-2023-44381?
Upgrade to October CMS version 3.4.15.
Where can I find more information about CVE-2023-44381?
You can find more information at the following references: [link1], [link2].
- collector/mitre-cve
- collector/github-advisory-latest
- alias/GHSA-q22j-5r3g-9hmh
- alias/CVE-2023-44381
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory
- package-manager/composer
- vendor/octobercms
- canonical/octobercms october
- version/octobercms october/3.0.0