How severe is CVE-2020-26231?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-26231?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2020-26231

MEDIUM Year: 2020

CVSS v3 Score

6.7

Medium

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-862

View all →

Vulnerability Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 470 (v1.0.470) and v1.1.1.

CVE-2017-6598

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security A...

CWE-8622017

CVE-2017-8083

MEDIUM

CVSS:6.7(Medium)

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a f...

CWE-8622017

CVE-2020-15780

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot ...

CWE-8622020

CVE-2020-27777

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (...

CWE-8622020

CVE-2020-9209

MEDIUM

CVSS:6.7(Medium)

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vu...

CWE-8622020

CVE-2022-20049

MEDIUM

CVSS:6.7(Medium)

In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not...

CWE-8622022

CVE-2020-26231

Vulnerability Description

Related Vulnerabilities

CVE-2017-6598

CVE-2017-8083

CVE-2020-15780

CVE-2020-27777

CVE-2020-9209

CVE-2022-20049