GSD-2021-32650

Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
Aliases
Aliases
CVE-2021-32650
To clipboard 

{
  "GSD": {
    "alias": "CVE-2021-32650",
    "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
    "id": "GSD-2021-32650"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32650"
      ],
      "details": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
      "id": "GSD-2021-32650",
      "modified": "2023-12-13T01:23:09.042018Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-32650",
        "STATE": "PUBLIC",
        "TITLE": "Arbitrary code execution in october/system"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "october",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.0.473"
                        },
                        {
                          "version_value": "\u003e= 1.1.0, \u003c 1.1.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "octobercms"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4",
            "refsource": "CONFIRM",
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4"
          },
          {
            "name": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
            "refsource": "MISC",
            "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-5hfj-r725-wpc4",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=1.0.472||=1.1.5",
          "affected_versions": "Version 1.0.472, version 1.1.5",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-08-05",
          "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework., an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. The issue has been patched in Build (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
          "fixed_versions": [
            "1.0.473",
            "1.1.6"
          ],
          "identifier": "CVE-2021-32650",
          "identifiers": [
            "CVE-2021-32650",
            "GHSA-5hfj-r725-wpc4"
          ],
          "not_impacted": "All versions before 1.0.472, all versions after 1.0.472 before 1.1.5, all versions after 1.1.5",
          "package_slug": "packagist/october/october",
          "pubdate": "2022-01-14",
          "solution": "Upgrade to versions 1.0.473, 1.1.6 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32650",
            "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4",
            "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
          ],
          "uuid": "6c609c9e-dfeb-4c41-996f-e1dd3c6fd5f5"
        },
        {
          "affected_range": "\u003e=1.1.0,\u003c1.1.6||\u003c1.0.473",
          "affected_versions": "All versions starting from 1.1.0 before 1.1.6, all versions before 1.0.473",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-01-24",
          "description": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.",
          "fixed_versions": [
            "1.0.473"
          ],
          "identifier": "CVE-2021-32650",
          "identifiers": [
            "GHSA-5hfj-r725-wpc4",
            "CVE-2021-32650"
          ],
          "not_impacted": "All versions before 1.1.0, all versions starting from 1.0.473 before 1.1.6",
          "package_slug": "packagist/october/system",
          "pubdate": "2022-01-14",
          "solution": "Upgrade to version 1.0.473 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32650",
            "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
            "https://github.com/advisories/GHSA-5hfj-r725-wpc4"
          ],
          "uuid": "947e0e85-6e21-46ab-927f-14f7105c4435"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:1.0.472:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32650"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-5hfj-r725-wpc4"
            },
            {
              "name": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-05T11:09Z",
      "publishedDate": "2022-01-14T15:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.