CVE-2020-15246 HIGH

CVE-2020-15246: Local File Inclusion by unauthenticated users

Vendor Octobercms

Product october

Weakness CWE-863 · Incorrect authorization

Published November 23, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.

Key dates

02Disclosure timeline

November 23, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-15246

Related vulnerabilities

CVE-2020-15246: Local File Inclusion by unauthenticated users

01Description

02Disclosure timeline

03References

04Related CVE