FKIE_CVE-2021-32649

Vulnerability from fkie_nvd - Published: 2022-01-14 15:15 - Updated: 2024-11-21 06:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
References
security-advisories@github.comhttps://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjjPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjjPatch, Third Party Advisory
Impacted products
Vendor Product Version
octobercms october *
octobercms october *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "825E6E25-2039-4C79-9B48-EDE2B1EB9A2F",
              "versionEndExcluding": "1.0.473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00C0780-FBDC-493D-B97B-CE805D3606B7",
              "versionEndExcluding": "1.1.6",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with \"create, modify and delete website pages\" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
    },
    {
      "lang": "es",
      "value": "October CMS es una plataforma de sistema de administraci\u00f3n de contenidos (CMS) auto alojada basada en el framework PHP Laravel. En versiones anteriores a 1.0.473 y 1.1.6, un atacante con privilegios \"create, modify and delete website pages\" en el backend es capaz de ejecutar c\u00f3digo PHP mediante la ejecuci\u00f3n de c\u00f3digo Twig especialmente dise\u00f1ado en el marcado de la plantilla. El problema ha sido parcheado en la Build 473 (v1.0.473) y versi\u00f3n v1.1.6. Los que no puedan actualizar pueden aplicar el parche a su instalaci\u00f3n manualmente como medida de mitigaci\u00f3n"
    }
  ],
  "id": "CVE-2021-32649",
  "lastModified": "2024-11-21T06:07:27.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-14T15:15:07.523",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.