CVE-2020-5295

MEDIUM Year: 2020
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-98
View all →

Vulnerability Description

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

Related Vulnerabilities

CVE-2023-23565

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

CWE-982023

CVE-2023-49031

MEDIUM
CVSS:5.1(Medium)

Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a cra...

CWE-982023

CVE-2021-29113

MEDIUM
CVSS:4.7(Medium)

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

CWE-982021

CVE-2024-52386

MEDIUM
CVSS:5.3(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing al...

CWE-982024

CVE-2015-6461

MEDIUM
CVSS:5.4(Medium)

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP3...

CWE-982015

CVE-2024-52385

MEDIUM
CVSS:4.3(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3...

CWE-982024