CVE-2017-1000119: Unrestricted Upload of File with Dangerous Type

May 13, 2022 (updated July 31, 2023)

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

References

octobercms.com/support/article/rn-8
packetstormsecurity.com/files/154390/October-CMS-Upload-Protection-Bypass-Code-Execution.html
github.com/advisories/GHSA-q263-j3q9-g964
nvd.nist.gov/vuln/detail/CVE-2017-1000119

Detect and mitigate CVE-2017-1000119 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →