CVE-2023-44381

CVSS v3 Score: 4.9 (Medium)

Vulnerability Description

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.

CVSS: 4.9 (Medium)

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

CWE-94 | 2016
CVSS: 4.9 (Medium)

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can...

CWE-94 | 2024
CVSS: 4.9 (Medium)

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowe...

CWE-94 | 2024
CVSS: 4.9 (Medium)

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts o...

CWE-94 | 2024
CVSS: 5.0 (Medium)

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without...

CWE-94 | 2021
CVSS: 5.0 (Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-94 | 2024