How severe is CVE-2023-44382?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-44382?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2023-44382 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.

Related Vulnerabilities

CVE-2017-2968

CRITICAL

CVSS:9.1(Critical)

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.

CWE-942017

CVE-2019-0330

CRITICAL

CVSS:9.1(Critical)

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application...

CWE-942019

CVE-2019-18582

CRITICAL

CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A ...

CWE-942019

CVE-2019-6816

CRITICAL

CVSS:9.1(Critical)

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

CWE-942019

CVE-2020-12013

CRITICAL

CVSS:9.1(Critical)

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and ...

CWE-942020

CVE-2020-6318

CRITICAL

CVSS:9.1(Critical)

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code ...

CWE-942020