CVE-2022-35944 - Vulnerability Details - OpenCVE

ReportizFlow

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Octobercms	October

Configuration 1 [-]

OR	cpe:2.3:a:octobercms:october::::::::
	cpe:2.3:a:octobercms:october::::::::

No data.

References

Link	Providers
https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-10-13T00:00:00

Updated: 2024-08-03T09:51:59.222Z

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-35944

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-13T22:15:10.217

Modified: 2024-11-21T07:12:01.253

Link: CVE-2022-35944

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-35944", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T09:51:59.222Z", "dateReserved": "2022-07-15T00:00:00", "datePublished": "2022-10-13T00:00:00"}, "containers": {"cna": {"title": "October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-10-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66."}], "affected": [{"vendor": "octobercms", "product": "october", "versions": [{"version": ">= 3.0.0, < 3.0.66", "status": "affected"}, {"version": "< 2.2.34", "status": "affected"}]}], "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 6.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94"}]}], "source": {"advisory": "GHSA-x4q7-m6fp-4v9v", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:59.222Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B37B291-6585-4871-992E-1206461FA7B3", "versionEndExcluding": "2.2.34", "vulnerable": true}, {"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "matchCriteriaId": "03BB2ACB-3BFD-4560-84DF-3A2835E79ADB", "versionEndExcluding": "3.0.66", "versionStartIncluding": "3.0.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66."}, {"lang": "es", "value": "October es una plataforma de Sistema de Administraci\u00f3n de Contenidos (CMS) auto alojada basada en el Framework PHP Laravel. Esta vulnerabilidad s\u00f3lo afecta a las instalaciones que son basadas en la restricci\u00f3n del modo seguro, com\u00fanmente usado cuando es proporcionado acceso p\u00fablico al panel de administraci\u00f3n. Asumiendo que un atacante presenta acceso al panel de administraci\u00f3n y permiso para abrir la secci\u00f3n \"Editor\", puede omitirse la restricci\u00f3n de modo seguro (\"cms.safe_mode\") para introducir nuevo c\u00f3digo PHP en una plantilla del CMS usando una petici\u00f3n especialmente dise\u00f1ada. El problema ha sido parcheado en versiones 2.2.34 y 3.0.66"}], "id": "CVE-2022-35944", "lastModified": "2024-11-21T07:12:01.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.5, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-10-13T22:15:10.217", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "[email protected]", "type": "Secondary"}]}