GSD-2022-35944
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-35944",
"id": "GSD-2022-35944"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-35944"
],
"details": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.",
"id": "GSD-2022-35944",
"modified": "2023-12-13T01:19:33.330055Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35944",
"STATE": "PUBLIC",
"TITLE": "October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "october",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.66"
},
{
"version_value": "\u003c 2.2.34"
}
]
}
}
]
},
"vendor_name": "octobercms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"
}
]
},
"source": {
"advisory": "GHSA-x4q7-m6fp-4v9v",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.2.34||\u003e=3.0.00,\u003c3.0.66",
"affected_versions": "All versions before 2.2.34, all versions starting from 3.0.00 before 3.0.66",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2022-10-18",
"description": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.",
"fixed_versions": [
"2.2.34",
"3.0.74"
],
"identifier": "CVE-2022-35944",
"identifiers": [
"CVE-2022-35944",
"GHSA-x4q7-m6fp-4v9v"
],
"not_impacted": "All versions starting from 2.2.34 before 3.0.00, all versions starting from 3.0.66",
"package_slug": "packagist/october/october",
"pubdate": "2022-10-13",
"solution": "Upgrade to version 2.2.34, 3.0.74 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-35944",
"https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"
],
"uuid": "810452f8-e0ac-405c-9149-93ca364b5fd1"
},
{
"affected_range": "\u003c2.2.34||\u003e=3.0.0,\u003c3.0.66",
"affected_versions": "All versions before 2.2.34, all versions starting from 3.0.0 before 3.0.66",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2022-10-13",
"description": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.",
"fixed_versions": [
"2.2.34",
"3.0.66"
],
"identifier": "CVE-2022-35944",
"identifiers": [
"GHSA-x4q7-m6fp-4v9v",
"CVE-2022-35944"
],
"not_impacted": "All versions starting from 2.2.34 before 3.0.0, all versions starting from 3.0.66",
"package_slug": "packagist/october/system",
"pubdate": "2022-10-13",
"solution": "Upgrade to versions 2.2.34, 3.0.66 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v",
"https://github.com/advisories/GHSA-x4q7-m6fp-4v9v"
],
"uuid": "e2debe32-336a-46a2-ae1e-a7047f46a548"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.34",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.66",
"versionStartIncluding": "3.0.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35944"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-18T20:32Z",
"publishedDate": "2022-10-13T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…